aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/cms
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/cms')
-rw-r--r--crypto/cms/Makefile305
-rw-r--r--crypto/cms/build.info5
-rw-r--r--crypto/cms/cms.h555
-rw-r--r--crypto/cms/cms_asn1.c152
-rw-r--r--crypto/cms/cms_att.c65
-rw-r--r--crypto/cms/cms_cd.c74
-rw-r--r--crypto/cms/cms_dd.c84
-rw-r--r--crypto/cms/cms_enc.c81
-rw-r--r--crypto/cms/cms_env.c147
-rw-r--r--crypto/cms/cms_err.c515
-rw-r--r--crypto/cms/cms_ess.c81
-rw-r--r--crypto/cms/cms_io.c63
-rw-r--r--crypto/cms/cms_kari.c111
-rw-r--r--crypto/cms/cms_lcl.h112
-rw-r--r--crypto/cms/cms_lib.c135
-rw-r--r--crypto/cms/cms_pwri.c176
-rw-r--r--crypto/cms/cms_sd.c197
-rw-r--r--crypto/cms/cms_smime.c213
18 files changed, 776 insertions, 2295 deletions
diff --git a/crypto/cms/Makefile b/crypto/cms/Makefile
deleted file mode 100644
index 6f3a83202638..000000000000
--- a/crypto/cms/Makefile
+++ /dev/null
@@ -1,305 +0,0 @@
-#
-# OpenSSL/crypto/cms/Makefile
-#
-
-DIR= cms
-TOP= ../..
-CC= cc
-INCLUDES= -I.. -I$(TOP) -I../../include
-CFLAG=-g
-MAKEFILE= Makefile
-AR= ar r
-
-CFLAGS= $(INCLUDES) $(CFLAG)
-
-GENERAL=Makefile
-TEST=
-APPS=
-
-LIB=$(TOP)/libcrypto.a
-LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
- cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
- cms_pwri.c cms_kari.c
-LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
- cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
- cms_pwri.o cms_kari.o
-
-SRC= $(LIBSRC)
-
-EXHEADER= cms.h
-HEADER= cms_lcl.h $(EXHEADER)
-
-ALL= $(GENERAL) $(SRC) $(HEADER)
-
-top:
- (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
-
-test:
-
-all: lib
-
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @touch lib
-
-files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-
-links:
- @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
- @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
- @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
-
-install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
- do \
- (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- done;
-
-tags:
- ctags $(SRC)
-
-tests:
-
-lint:
- lint -DLINT $(INCLUDES) $(SRC)>fluff
-
-update: depend
-
-depend:
- @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
- $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
-
-dclean:
- $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
- mv -f Makefile.new $(MAKEFILE)
-
-clean:
- rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
-
-# DO NOT DELETE THIS LINE -- make depend depends on it.
-
-cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_asn1.o: ../../include/openssl/opensslconf.h
-cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_asn1.o: cms.h cms_asn1.c cms_lcl.h
-cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_att.o: cms.h cms_att.c cms_lcl.h
-cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h
-cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_cd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_cd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cms_cd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h
-cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_dd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_dd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_dd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_dd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h
-cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_enc.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h
-cms_env.o: ../../e_os.h ../../include/openssl/aes.h
-cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
-cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_env.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_env.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_env.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cms_env.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-cms_env.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
-cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h
-cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
-cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_err.o: cms_err.c
-cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_ess.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_ess.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_ess.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_ess.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h
-cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
-cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
-cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
-cms_io.o: cms_io.c cms_lcl.h
-cms_kari.o: ../../e_os.h ../../include/openssl/aes.h
-cms_kari.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_kari.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_kari.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
-cms_kari.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_kari.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_kari.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_kari.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_kari.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_kari.o: ../../include/openssl/opensslconf.h
-cms_kari.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_kari.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_kari.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-cms_kari.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_kari.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_kari.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_kari.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
-cms_kari.o: cms_kari.c cms_lcl.h
-cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_lib.o: cms.h cms_lcl.h cms_lib.c
-cms_pwri.o: ../../e_os.h ../../include/openssl/aes.h
-cms_pwri.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
-cms_pwri.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
-cms_pwri.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
-cms_pwri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-cms_pwri.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-cms_pwri.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-cms_pwri.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-cms_pwri.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-cms_pwri.o: ../../include/openssl/opensslconf.h
-cms_pwri.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_pwri.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
-cms_pwri.o: cms_lcl.h cms_pwri.c
-cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-cms_sd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
-cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c
-cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
-cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
-cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
-cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
-cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-cms_smime.o: ../../include/openssl/objects.h
-cms_smime.o: ../../include/openssl/opensslconf.h
-cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_smime.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_smime.c
diff --git a/crypto/cms/build.info b/crypto/cms/build.info
new file mode 100644
index 000000000000..cb675436ef06
--- /dev/null
+++ b/crypto/cms/build.info
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+ cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+ cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
+ cms_pwri.c cms_kari.c
diff --git a/crypto/cms/cms.h b/crypto/cms/cms.h
deleted file mode 100644
index e6c7f964bf48..000000000000
--- a/crypto/cms/cms.h
+++ /dev/null
@@ -1,555 +0,0 @@
-/* crypto/cms/cms.h */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- */
-
-#ifndef HEADER_CMS_H
-# define HEADER_CMS_H
-
-# include <openssl/x509.h>
-
-# ifdef OPENSSL_NO_CMS
-# error CMS is disabled.
-# endif
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-typedef struct CMS_ContentInfo_st CMS_ContentInfo;
-typedef struct CMS_SignerInfo_st CMS_SignerInfo;
-typedef struct CMS_CertificateChoices CMS_CertificateChoices;
-typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
-typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
-typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
-typedef struct CMS_Receipt_st CMS_Receipt;
-typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
-typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
-
-DECLARE_STACK_OF(CMS_SignerInfo)
-DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_STACK_OF(CMS_RecipientEncryptedKey)
-DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
-DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
-
-# define CMS_SIGNERINFO_ISSUER_SERIAL 0
-# define CMS_SIGNERINFO_KEYIDENTIFIER 1
-
-# define CMS_RECIPINFO_NONE -1
-# define CMS_RECIPINFO_TRANS 0
-# define CMS_RECIPINFO_AGREE 1
-# define CMS_RECIPINFO_KEK 2
-# define CMS_RECIPINFO_PASS 3
-# define CMS_RECIPINFO_OTHER 4
-
-/* S/MIME related flags */
-
-# define CMS_TEXT 0x1
-# define CMS_NOCERTS 0x2
-# define CMS_NO_CONTENT_VERIFY 0x4
-# define CMS_NO_ATTR_VERIFY 0x8
-# define CMS_NOSIGS \
- (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
-# define CMS_NOINTERN 0x10
-# define CMS_NO_SIGNER_CERT_VERIFY 0x20
-# define CMS_NOVERIFY 0x20
-# define CMS_DETACHED 0x40
-# define CMS_BINARY 0x80
-# define CMS_NOATTR 0x100
-# define CMS_NOSMIMECAP 0x200
-# define CMS_NOOLDMIMETYPE 0x400
-# define CMS_CRLFEOL 0x800
-# define CMS_STREAM 0x1000
-# define CMS_NOCRL 0x2000
-# define CMS_PARTIAL 0x4000
-# define CMS_REUSE_DIGEST 0x8000
-# define CMS_USE_KEYID 0x10000
-# define CMS_DEBUG_DECRYPT 0x20000
-# define CMS_KEY_PARAM 0x40000
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
-
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
-
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
-int CMS_is_detached(CMS_ContentInfo *cms);
-int CMS_set_detached(CMS_ContentInfo *cms, int detached);
-
-# ifdef HEADER_PEM_H
-DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
-# endif
-int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
-
-BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
-int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
-int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
- int flags);
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
-
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
- unsigned int flags);
-
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs, BIO *data,
- unsigned int flags);
-
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
- X509 *signcert, EVP_PKEY *pkey,
- STACK_OF(X509) *certs, unsigned int flags);
-
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
-
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
- unsigned int flags);
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
- unsigned int flags);
-
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
- const unsigned char *key, size_t keylen,
- BIO *dcont, BIO *out, unsigned int flags);
-
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
- const unsigned char *key,
- size_t keylen, unsigned int flags);
-
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
- const unsigned char *key, size_t keylen);
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
- X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
-
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
- STACK_OF(X509) *certs,
- X509_STORE *store, unsigned int flags);
-
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
- const EVP_CIPHER *cipher, unsigned int flags);
-
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
- BIO *dcont, BIO *out, unsigned int flags);
-
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
- unsigned char *key, size_t keylen,
- unsigned char *id, size_t idlen);
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
- unsigned char *pass, ossl_ssize_t passlen);
-
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
-EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
- X509 *recip, unsigned int flags);
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
- EVP_PKEY **pk, X509 **recip,
- X509_ALGOR **palg);
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer,
- ASN1_INTEGER **sno);
-
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
- unsigned char *key, size_t keylen,
- unsigned char *id, size_t idlen,
- ASN1_GENERALIZEDTIME *date,
- ASN1_OBJECT *otherTypeId,
- ASN1_TYPE *otherType);
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
- X509_ALGOR **palg,
- ASN1_OCTET_STRING **pid,
- ASN1_GENERALIZEDTIME **pdate,
- ASN1_OBJECT **potherid,
- ASN1_TYPE **pothertype);
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
- unsigned char *key, size_t keylen);
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
- const unsigned char *id, size_t idlen);
-
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
- unsigned char *pass,
- ossl_ssize_t passlen);
-
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
- int iter, int wrap_nid,
- int pbe_nid,
- unsigned char *pass,
- ossl_ssize_t passlen,
- const EVP_CIPHER *kekciph);
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
- unsigned int flags);
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
-
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
-
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
-
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
-
-int CMS_SignedData_init(CMS_ContentInfo *cms);
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
- X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
- unsigned int flags);
-EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
-EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
-
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer, ASN1_INTEGER **sno);
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
- unsigned int flags);
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
- X509 **signer, X509_ALGOR **pdig,
- X509_ALGOR **psig);
-ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
-int CMS_SignerInfo_sign(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify(CMS_SignerInfo *si);
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
- int algnid, int keysize);
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
-
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
- int lastpos);
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
- const ASN1_OBJECT *obj, int type,
- const void *bytes, int len);
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len);
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type);
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
- int lastpos);
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
- const ASN1_OBJECT *obj, int type,
- const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len);
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type);
-
-# ifdef HEADER_X509V3_H
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
- int allorfirst,
- STACK_OF(GENERAL_NAMES)
- *receiptList, STACK_OF(GENERAL_NAMES)
- *receiptsTo);
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
- ASN1_STRING **pcid,
- int *pallorfirst,
- STACK_OF(GENERAL_NAMES) **plist,
- STACK_OF(GENERAL_NAMES) **prto);
-# endif
-int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
- X509_ALGOR **palg,
- ASN1_OCTET_STRING **pukm);
-STACK_OF(CMS_RecipientEncryptedKey)
-*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
-
-int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
- X509_ALGOR **pubalg,
- ASN1_BIT_STRING **pubkey,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer,
- ASN1_INTEGER **sno);
-
-int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
-
-int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
- ASN1_OCTET_STRING **keyid,
- ASN1_GENERALIZEDTIME **tm,
- CMS_OtherKeyAttribute **other,
- X509_NAME **issuer, ASN1_INTEGER **sno);
-int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
- X509 *cert);
-int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
-EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
-int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri,
- CMS_RecipientEncryptedKey *rek);
-
-int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
- ASN1_OCTET_STRING *ukm, int keylen);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CMS_strings(void);
-
-/* Error codes for the CMS functions. */
-
-/* Function codes. */
-# define CMS_F_CHECK_CONTENT 99
-# define CMS_F_CMS_ADD0_CERT 164
-# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100
-# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165
-# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158
-# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101
-# define CMS_F_CMS_ADD1_SIGNER 102
-# define CMS_F_CMS_ADD1_SIGNINGTIME 103
-# define CMS_F_CMS_COMPRESS 104
-# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105
-# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106
-# define CMS_F_CMS_COPY_CONTENT 107
-# define CMS_F_CMS_COPY_MESSAGEDIGEST 108
-# define CMS_F_CMS_DATA 109
-# define CMS_F_CMS_DATAFINAL 110
-# define CMS_F_CMS_DATAINIT 111
-# define CMS_F_CMS_DECRYPT 112
-# define CMS_F_CMS_DECRYPT_SET1_KEY 113
-# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166
-# define CMS_F_CMS_DECRYPT_SET1_PKEY 114
-# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115
-# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116
-# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117
-# define CMS_F_CMS_DIGEST_VERIFY 118
-# define CMS_F_CMS_ENCODE_RECEIPT 161
-# define CMS_F_CMS_ENCRYPT 119
-# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120
-# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121
-# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122
-# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123
-# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124
-# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125
-# define CMS_F_CMS_ENVELOPED_DATA_INIT 126
-# define CMS_F_CMS_ENV_ASN1_CTRL 171
-# define CMS_F_CMS_FINAL 127
-# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128
-# define CMS_F_CMS_GET0_CONTENT 129
-# define CMS_F_CMS_GET0_ECONTENT_TYPE 130
-# define CMS_F_CMS_GET0_ENVELOPED 131
-# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132
-# define CMS_F_CMS_GET0_SIGNED 133
-# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162
-# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159
-# define CMS_F_CMS_RECEIPT_VERIFY 160
-# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134
-# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169
-# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178
-# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175
-# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173
-# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172
-# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137
-# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142
-# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143
-# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167
-# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144
-# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168
-# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145
-# define CMS_F_CMS_SD_ASN1_CTRL 170
-# define CMS_F_CMS_SET1_IAS 176
-# define CMS_F_CMS_SET1_KEYID 177
-# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146
-# define CMS_F_CMS_SET_DETACHED 147
-# define CMS_F_CMS_SIGN 148
-# define CMS_F_CMS_SIGNED_DATA_INIT 149
-# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150
-# define CMS_F_CMS_SIGNERINFO_SIGN 151
-# define CMS_F_CMS_SIGNERINFO_VERIFY 152
-# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153
-# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154
-# define CMS_F_CMS_SIGN_RECEIPT 163
-# define CMS_F_CMS_STREAM 155
-# define CMS_F_CMS_UNCOMPRESS 156
-# define CMS_F_CMS_VERIFY 157
-
-/* Reason codes. */
-# define CMS_R_ADD_SIGNER_ERROR 99
-# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175
-# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160
-# define CMS_R_CERTIFICATE_VERIFY_ERROR 100
-# define CMS_R_CIPHER_INITIALISATION_ERROR 101
-# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102
-# define CMS_R_CMS_DATAFINAL_ERROR 103
-# define CMS_R_CMS_LIB 104
-# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170
-# define CMS_R_CONTENT_NOT_FOUND 105
-# define CMS_R_CONTENT_TYPE_MISMATCH 171
-# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106
-# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107
-# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108
-# define CMS_R_CONTENT_VERIFY_ERROR 109
-# define CMS_R_CTRL_ERROR 110
-# define CMS_R_CTRL_FAILURE 111
-# define CMS_R_DECRYPT_ERROR 112
-# define CMS_R_DIGEST_ERROR 161
-# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113
-# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114
-# define CMS_R_ERROR_SETTING_KEY 115
-# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116
-# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117
-# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176
-# define CMS_R_INVALID_KEY_LENGTH 118
-# define CMS_R_MD_BIO_INIT_ERROR 119
-# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120
-# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121
-# define CMS_R_MSGSIGDIGEST_ERROR 172
-# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162
-# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163
-# define CMS_R_NEED_ONE_SIGNER 164
-# define CMS_R_NOT_A_SIGNED_RECEIPT 165
-# define CMS_R_NOT_ENCRYPTED_DATA 122
-# define CMS_R_NOT_KEK 123
-# define CMS_R_NOT_KEY_AGREEMENT 181
-# define CMS_R_NOT_KEY_TRANSPORT 124
-# define CMS_R_NOT_PWRI 177
-# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125
-# define CMS_R_NO_CIPHER 126
-# define CMS_R_NO_CONTENT 127
-# define CMS_R_NO_CONTENT_TYPE 173
-# define CMS_R_NO_DEFAULT_DIGEST 128
-# define CMS_R_NO_DIGEST_SET 129
-# define CMS_R_NO_KEY 130
-# define CMS_R_NO_KEY_OR_CERT 174
-# define CMS_R_NO_MATCHING_DIGEST 131
-# define CMS_R_NO_MATCHING_RECIPIENT 132
-# define CMS_R_NO_MATCHING_SIGNATURE 166
-# define CMS_R_NO_MSGSIGDIGEST 167
-# define CMS_R_NO_PASSWORD 178
-# define CMS_R_NO_PRIVATE_KEY 133
-# define CMS_R_NO_PUBLIC_KEY 134
-# define CMS_R_NO_RECEIPT_REQUEST 168
-# define CMS_R_NO_SIGNERS 135
-# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136
-# define CMS_R_RECEIPT_DECODE_ERROR 169
-# define CMS_R_RECIPIENT_ERROR 137
-# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138
-# define CMS_R_SIGNFINAL_ERROR 139
-# define CMS_R_SMIME_TEXT_ERROR 140
-# define CMS_R_STORE_INIT_ERROR 141
-# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142
-# define CMS_R_TYPE_NOT_DATA 143
-# define CMS_R_TYPE_NOT_DIGESTED_DATA 144
-# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145
-# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146
-# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147
-# define CMS_R_UNKNOWN_CIPHER 148
-# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149
-# define CMS_R_UNKNOWN_ID 150
-# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151
-# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152
-# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153
-# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179
-# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154
-# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155
-# define CMS_R_UNSUPPORTED_TYPE 156
-# define CMS_R_UNWRAP_ERROR 157
-# define CMS_R_UNWRAP_FAILURE 180
-# define CMS_R_VERIFICATION_FAILURE 158
-# define CMS_R_WRAP_ERROR 159
-
-#ifdef __cplusplus
-}
-#endif
-#endif
diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c
index 81a3407f1249..993ea6b219ab 100644
--- a/crypto/cms/cms_asn1.c
+++ b/crypto/cms/cms_asn1.c
@@ -1,61 +1,16 @@
-/* crypto/cms/cms_asn1.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
-#include "cms.h"
+#include <openssl/cms.h>
#include "cms_lcl.h"
@@ -67,7 +22,7 @@ ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
ASN1_CHOICE(CMS_CertificateChoices) = {
ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
@@ -80,12 +35,12 @@ ASN1_CHOICE(CMS_CertificateChoices) = {
ASN1_CHOICE(CMS_SignerIdentifier) = {
ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
-} ASN1_CHOICE_END(CMS_SignerIdentifier)
+} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
/* Minor tweak to operation: free up signer key, cert */
static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -93,18 +48,15 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
if (operation == ASN1_OP_FREE_POST) {
CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
- if (si->pkey)
- EVP_PKEY_free(si->pkey);
- if (si->signer)
- X509_free(si->signer);
- if (si->pctx)
- EVP_MD_CTX_cleanup(&si->mctx);
+ EVP_PKEY_free(si->pkey);
+ X509_free(si->signer);
+ EVP_MD_CTX_free(si->mctx);
}
return 1;
}
ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
- ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
+ ASN1_EMBED(CMS_SignerInfo, version, INT32),
ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
@@ -116,7 +68,7 @@ ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
ASN1_CHOICE(CMS_RevocationInfoChoice) = {
ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
@@ -124,7 +76,7 @@ ASN1_CHOICE(CMS_RevocationInfoChoice) = {
} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
- ASN1_SIMPLE(CMS_SignedData, version, LONG),
+ ASN1_EMBED(CMS_SignedData, version, INT32),
ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
@@ -135,16 +87,16 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
ASN1_SEQUENCE(CMS_OriginatorInfo) = {
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
-} ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
-} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
- ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG),
+ ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -164,15 +116,14 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
-} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
if (operation == ASN1_OP_FREE_POST) {
- if (rek->pkey)
- EVP_PKEY_free(rek->pkey);
+ EVP_PKEY_free(rek->pkey);
}
return 1;
}
@@ -191,26 +142,27 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
-} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
if (operation == ASN1_OP_NEW_POST) {
- EVP_CIPHER_CTX_init(&kari->ctx);
- EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+ kari->ctx = EVP_CIPHER_CTX_new();
+ if (kari->ctx == NULL)
+ return 0;
+ EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
kari->pctx = NULL;
} else if (operation == ASN1_OP_FREE_POST) {
- if (kari->pctx)
- EVP_PKEY_CTX_free(kari->pctx);
- EVP_CIPHER_CTX_cleanup(&kari->ctx);
+ EVP_PKEY_CTX_free(kari->pctx);
+ EVP_CIPHER_CTX_free(kari->ctx);
}
return 1;
}
ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
- ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, version, LONG),
+ ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
@@ -221,17 +173,17 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = {
ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
-} ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
- ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG),
+ ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
- ASN1_SIMPLE(CMS_PasswordRecipientInfo, version, LONG),
+ ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
@@ -240,7 +192,7 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
-} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
/* Free up RecipientInfo additional data */
static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -250,24 +202,15 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
if (ri->type == CMS_RECIPINFO_TRANS) {
CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
- if (ktri->pkey)
- EVP_PKEY_free(ktri->pkey);
- if (ktri->recip)
- X509_free(ktri->recip);
- if (ktri->pctx)
- EVP_PKEY_CTX_free(ktri->pctx);
+ EVP_PKEY_free(ktri->pkey);
+ X509_free(ktri->recip);
+ EVP_PKEY_CTX_free(ktri->pctx);
} else if (ri->type == CMS_RECIPINFO_KEK) {
CMS_KEKRecipientInfo *kekri = ri->d.kekri;
- if (kekri->key) {
- OPENSSL_cleanse(kekri->key, kekri->keylen);
- OPENSSL_free(kekri->key);
- }
+ OPENSSL_clear_free(kekri->key, kekri->keylen);
} else if (ri->type == CMS_RECIPINFO_PASS) {
CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
- if (pwri->pass) {
- OPENSSL_cleanse(pwri->pass, pwri->passlen);
- OPENSSL_free(pwri->pass);
- }
+ OPENSSL_clear_free(pwri->pass, pwri->passlen);
}
}
return 1;
@@ -282,7 +225,7 @@ ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
- ASN1_SIMPLE(CMS_EnvelopedData, version, LONG),
+ ASN1_EMBED(CMS_EnvelopedData, version, INT32),
ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
@@ -290,20 +233,20 @@ ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
- ASN1_SIMPLE(CMS_DigestedData, version, LONG),
+ ASN1_EMBED(CMS_DigestedData, version, INT32),
ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
- ASN1_SIMPLE(CMS_EncryptedData, version, LONG),
+ ASN1_EMBED(CMS_EncryptedData, version, INT32),
ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
- ASN1_SIMPLE(CMS_AuthenticatedData, version, LONG),
+ ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
@@ -312,10 +255,10 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
-} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
- ASN1_SIMPLE(CMS_CompressedData, version, LONG),
+ ASN1_EMBED(CMS_CompressedData, version, INT32),
ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
@@ -349,6 +292,7 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
case ASN1_OP_STREAM_PRE:
if (CMS_stream(&sarg->boundary, cms) <= 0)
return 0;
+ /* fall thru */
case ASN1_OP_DETACHED_PRE:
sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
if (!sarg->ndef_bio)
@@ -394,9 +338,9 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
ASN1_CHOICE(CMS_ReceiptsFrom) = {
- ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+ ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
-} ASN1_CHOICE_END(CMS_ReceiptsFrom)
+} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
ASN1_SEQUENCE(CMS_ReceiptRequest) = {
ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
@@ -405,7 +349,7 @@ ASN1_SEQUENCE(CMS_ReceiptRequest) = {
} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
ASN1_SEQUENCE(CMS_Receipt) = {
- ASN1_SIMPLE(CMS_Receipt, version, LONG),
+ ASN1_EMBED(CMS_Receipt, version, INT32),
ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
@@ -426,7 +370,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = {
ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
-} ASN1_SEQUENCE_END(CMS_SharedInfo)
+} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
ASN1_OCTET_STRING *ukm, int keylen)
diff --git a/crypto/cms/cms_att.c b/crypto/cms/cms_att.c
index f79a49d51892..664e64971b0a 100644
--- a/crypto/cms/cms_att.c
+++ b/crypto/cms/cms_att.c
@@ -1,62 +1,17 @@
-/* crypto/cms/cms_att.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
-#include "cms.h"
+#include <openssl/cms.h>
#include "cms_lcl.h"
/* CMS SignedData Attribute utilities */
@@ -71,7 +26,7 @@ int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
}
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
int lastpos)
{
return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
@@ -120,7 +75,7 @@ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
return 0;
}
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
int lastpos, int type)
{
return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
@@ -137,8 +92,8 @@ int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
}
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos)
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+ const ASN1_OBJECT *obj, int lastpos)
{
return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
}
diff --git a/crypto/cms/cms_cd.c b/crypto/cms/cms_cd.c
index aa3238f5848d..f05e308418f8 100644
--- a/crypto/cms/cms_cd.c
+++ b/crypto/cms/cms_cd.c
@@ -1,71 +1,22 @@
-/* crypto/cms/cms_cd.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/bio.h>
-#ifndef OPENSSL_NO_COMP
-# include <openssl/comp.h>
-#endif
+#include <openssl/comp.h>
#include "cms_lcl.h"
-DECLARE_ASN1_ITEM(CMS_CompressedData)
-
#ifdef ZLIB
/* CMS CompressedData Utilities */
@@ -84,12 +35,12 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
return NULL;
}
cms = CMS_ContentInfo_new();
- if (!cms)
+ if (cms == NULL)
return NULL;
cd = M_ASN1_new_of(CMS_CompressedData);
- if (!cd)
+ if (cd == NULL)
goto err;
cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
@@ -105,17 +56,14 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
return cms;
err:
-
- if (cms)
- CMS_ContentInfo_free(cms);
-
+ CMS_ContentInfo_free(cms);
return NULL;
}
BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
{
CMS_CompressedData *cd;
- ASN1_OBJECT *compoid;
+ const ASN1_OBJECT *compoid;
if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
diff --git a/crypto/cms/cms_dd.c b/crypto/cms/cms_dd.c
index 23e9f2d3a4fc..5da6802fcd5e 100644
--- a/crypto/cms/cms_dd.c
+++ b/crypto/cms/cms_dd.c
@@ -1,58 +1,13 @@
-/* crypto/cms/cms_dd.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -60,8 +15,6 @@
#include <openssl/cms.h>
#include "cms_lcl.h"
-DECLARE_ASN1_ITEM(CMS_DigestedData)
-
/* CMS DigestedData Utilities */
CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
@@ -69,12 +22,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
CMS_ContentInfo *cms;
CMS_DigestedData *dd;
cms = CMS_ContentInfo_new();
- if (!cms)
+ if (cms == NULL)
return NULL;
dd = M_ASN1_new_of(CMS_DigestedData);
- if (!dd)
+ if (dd == NULL)
goto err;
cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
@@ -83,15 +36,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
dd->version = 0;
dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
- cms_DigestAlgorithm_set(dd->digestAlgorithm, md);
+ X509_ALGOR_set_md(dd->digestAlgorithm, md);
return cms;
err:
-
- if (cms)
- CMS_ContentInfo_free(cms);
-
+ CMS_ContentInfo_free(cms);
return NULL;
}
@@ -104,19 +54,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
int r = 0;
CMS_DigestedData *dd;
- EVP_MD_CTX_init(&mctx);
+
+ if (mctx == NULL) {
+ CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
dd = cms->d.digestedData;
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm))
+ if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
goto err;
- if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
+ if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
goto err;
if (verify) {
@@ -138,7 +92,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
}
err:
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_MD_CTX_free(mctx);
return r;
diff --git a/crypto/cms/cms_enc.c b/crypto/cms/cms_enc.c
index 90b1fcc75075..a1719830e8d4 100644
--- a/crypto/cms/cms_enc.c
+++ b/crypto/cms/cms_enc.c
@@ -1,58 +1,13 @@
-/* crypto/cms/cms_enc.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -63,8 +18,6 @@
/* CMS EncryptedData Utilities */
-DECLARE_ASN1_ITEM(CMS_EncryptedData)
-
/* Return BIO based on EncryptedContentInfo and key */
BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
@@ -84,7 +37,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
enc = ec->cipher ? 1 : 0;
b = BIO_new(BIO_f_cipher());
- if (!b) {
+ if (b == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -132,7 +85,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
/* Generate random session key */
if (!enc || !ec->key) {
tkey = OPENSSL_malloc(tkeylen);
- if (!tkey) {
+ if (tkey == NULL) {
CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -164,8 +117,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
goto err;
} else {
/* Use random key */
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
+ OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = tkey;
ec->keylen = tkeylen;
tkey = NULL;
@@ -199,15 +151,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
ok = 1;
err:
- if (ec->key && (!keep_key || !ok)) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
+ if (!keep_key || !ok) {
+ OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = NULL;
}
- if (tkey) {
- OPENSSL_cleanse(tkey, tkeylen);
- OPENSSL_free(tkey);
- }
+ OPENSSL_clear_free(tkey, tkeylen);
if (ok)
return b;
BIO_free(b);
@@ -220,9 +168,10 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
{
ec->cipher = cipher;
if (key) {
- ec->key = OPENSSL_malloc(keylen);
- if (!ec->key)
+ if ((ec->key = OPENSSL_malloc(keylen)) == NULL) {
+ CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT, ERR_R_MALLOC_FAILURE);
return 0;
+ }
memcpy(ec->key, key, keylen);
}
ec->keylen = keylen;
diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
index 93c06cb00a8f..bb95af75e3e1 100644
--- a/crypto/cms/cms_env.c
+++ b/crypto/cms/cms_env.c
@@ -1,77 +1,25 @@
-/* crypto/cms/cms_env.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
-#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
/* CMS EnvelopedData Utilities */
-DECLARE_ASN1_ITEM(CMS_EnvelopedData)
-DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
-
-DECLARE_STACK_OF(CMS_RecipientInfo)
-
CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
@@ -158,18 +106,17 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
CMS_ContentInfo *cms;
CMS_EnvelopedData *env;
cms = CMS_ContentInfo_new();
- if (!cms)
+ if (cms == NULL)
goto merr;
env = cms_enveloped_data_init(cms);
- if (!env)
+ if (env == NULL)
goto merr;
if (!cms_EncryptedContent_init(env->encryptedContentInfo,
cipher, NULL, 0))
goto merr;
return cms;
merr:
- if (cms)
- CMS_ContentInfo_free(cms);
+ CMS_ContentInfo_free(cms);
CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
return NULL;
}
@@ -207,14 +154,15 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
return 0;
- CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
- CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ X509_up_ref(recip);
+ EVP_PKEY_up_ref(pk);
+
ktri->pkey = pk;
ktri->recip = recip;
if (flags & CMS_KEY_PARAM) {
ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
- if (!ktri->pctx)
+ if (ktri->pctx == NULL)
return 0;
if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
return 0;
@@ -242,7 +190,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
if (!ri)
goto merr;
- pk = X509_get_pubkey(recip);
+ pk = X509_get0_pubkey(recip);
if (!pk) {
CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
goto err;
@@ -270,17 +218,12 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
goto merr;
- EVP_PKEY_free(pk);
-
return ri;
merr:
CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
err:
- if (ri)
- M_ASN1_free_of(ri, CMS_RecipientInfo);
- if (pk)
- EVP_PKEY_free(pk);
+ M_ASN1_free_of(ri, CMS_RecipientInfo);
return NULL;
}
@@ -339,6 +282,7 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
return 0;
}
+ EVP_PKEY_free(ri->d.ktri->pkey);
ri->d.ktri->pkey = pkey;
return 1;
}
@@ -370,7 +314,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
goto err;
} else {
pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
- if (!pctx)
+ if (pctx == NULL)
return 0;
if (EVP_PKEY_encrypt_init(pctx) <= 0)
@@ -402,12 +346,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
ret = 1;
err:
- if (pctx) {
- EVP_PKEY_CTX_free(pctx);
- ktri->pctx = NULL;
- }
- if (ek)
- OPENSSL_free(ek);
+ EVP_PKEY_CTX_free(pctx);
+ ktri->pctx = NULL;
+ OPENSSL_free(ek);
return ret;
}
@@ -431,7 +372,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
}
ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
- if (!ktri->pctx)
+ if (ktri->pctx == NULL)
return 0;
if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
@@ -467,20 +408,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
ret = 1;
- if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- }
-
+ OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = ek;
ec->keylen = eklen;
err:
- if (ktri->pctx) {
- EVP_PKEY_CTX_free(ktri->pctx);
- ktri->pctx = NULL;
- }
- if (!ret && ek)
+ EVP_PKEY_CTX_free(ktri->pctx);
+ ktri->pctx = NULL;
+ if (!ret)
OPENSSL_free(ek);
return ret;
@@ -619,8 +554,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
err:
- if (ri)
- M_ASN1_free_of(ri, CMS_RecipientInfo);
+ M_ASN1_free_of(ri, CMS_RecipientInfo);
return NULL;
}
@@ -703,7 +637,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
wkey = OPENSSL_malloc(ec->keylen + 8);
- if (!wkey) {
+ if (wkey == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -721,7 +655,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
err:
- if (!r && wkey)
+ if (!r)
OPENSSL_free(wkey);
OPENSSL_cleanse(&actx, sizeof(actx));
@@ -773,7 +707,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
- if (!ukey) {
+ if (ukey == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -794,7 +728,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
err:
- if (!r && ukey)
+ if (!r)
OPENSSL_free(ukey);
OPENSSL_cleanse(&actx, sizeof(actx));
@@ -816,7 +750,7 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
default:
CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
- CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+ CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
return 0;
}
}
@@ -832,11 +766,9 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
case CMS_RECIPINFO_KEK:
return cms_RecipientInfo_kekri_encrypt(cms, ri);
- break;
case CMS_RECIPINFO_PASS:
return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
- break;
default:
CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
@@ -901,10 +833,10 @@ static void cms_env_set_version(CMS_EnvelopedData *env)
env->version = 2;
}
}
- if (env->version == 2)
- return;
if (env->originatorInfo || env->unprotectedAttrs)
env->version = 2;
+ if (env->version == 2)
+ return;
env->version = 0;
}
@@ -944,12 +876,9 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
err:
ec->cipher = NULL;
- if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- ec->key = NULL;
- ec->keylen = 0;
- }
+ OPENSSL_clear_free(ec->key, ec->keylen);
+ ec->key = NULL;
+ ec->keylen = 0;
if (ok)
return ret;
BIO_free(ret);
diff --git a/crypto/cms/cms_err.c b/crypto/cms/cms_err.c
index 15572ea348c8..4432b471ee76 100644
--- a/crypto/cms/cms_err.c
+++ b/crypto/cms/cms_err.c
@@ -1,309 +1,294 @@
-/* crypto/cms/cms_err.c */
-/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
/*
- * NOTE: this file was auto generated by the mkerr.pl script: any changes
- * made to it will be overwritten when the script next updates this file,
- * only reason strings will be preserved.
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include <stdio.h>
#include <openssl/err.h>
-#include <openssl/cms.h>
+#include <openssl/cmserr.h>
-/* BEGIN ERROR CODES */
#ifndef OPENSSL_NO_ERR
-# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
-# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
-
-static ERR_STRING_DATA CMS_str_functs[] = {
- {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"},
- {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"},
- {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"},
- {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),
+static const ERR_STRING_DATA CMS_str_functs[] = {
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CHECK_CONTENT, 0), "check_content"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_CERT, 0), "CMS_add0_cert"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_KEY, 0),
+ "CMS_add0_recipient_key"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 0),
"CMS_add0_recipient_password"},
- {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"},
- {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"},
- {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"},
- {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"},
- {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"},
- {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"},
- {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECEIPTREQUEST, 0),
+ "CMS_add1_ReceiptRequest"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECIPIENT_CERT, 0),
+ "CMS_add1_recipient_cert"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0),
+ "cms_add1_signingTime"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0),
+ "cms_CompressedData_create"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 0),
"cms_CompressedData_init_bio"},
- {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"},
- {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"},
- {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"},
- {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"},
- {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
- {ERR_FUNC(CMS_F_CMS_DECRYPT), "CMS_decrypt"},
- {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
- {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD), "CMS_decrypt_set1_password"},
- {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY), "CMS_decrypt_set1_pkey"},
- {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_CONTENT, 0), "cms_copy_content"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_MESSAGEDIGEST, 0),
+ "cms_copy_messageDigest"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATA, 0), "CMS_data"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAFINAL, 0), "CMS_dataFinal"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAINIT, 0), "CMS_dataInit"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT, 0), "CMS_decrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_KEY, 0),
+ "CMS_decrypt_set1_key"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PASSWORD, 0),
+ "CMS_decrypt_set1_password"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PKEY, 0),
+ "CMS_decrypt_set1_pkey"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 0),
"cms_DigestAlgorithm_find_ctx"},
- {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 0),
"cms_DigestAlgorithm_init_bio"},
- {ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL), "cms_DigestedData_do_final"},
- {ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY), "CMS_digest_verify"},
- {ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT), "cms_encode_Receipt"},
- {ERR_FUNC(CMS_F_CMS_ENCRYPT), "CMS_encrypt"},
- {ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 0),
+ "cms_DigestedData_do_final"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0),
+ "cms_EncryptedContent_init"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0),
"cms_EncryptedContent_init_bio"},
- {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT), "CMS_EncryptedData_decrypt"},
- {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT), "CMS_EncryptedData_encrypt"},
- {ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0),
+ "CMS_EncryptedData_decrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, 0),
+ "CMS_EncryptedData_encrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 0),
"CMS_EncryptedData_set1_key"},
- {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"},
- {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_CREATE, 0),
+ "CMS_EnvelopedData_create"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 0),
"cms_EnvelopedData_init_bio"},
- {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"},
- {ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"},
- {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"},
- {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),
- "CMS_GET0_CERTIFICATE_CHOICES"},
- {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"},
- {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"},
- {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"},
- {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),
- "CMS_GET0_REVOCATION_CHOICES"},
- {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"},
- {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"},
- {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPED_DATA_INIT, 0),
+ "cms_enveloped_data_init"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENV_ASN1_CTRL, 0), "cms_env_asn1_ctrl"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_FINAL, 0), "CMS_final"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 0),
+ "cms_get0_certificate_choices"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CONTENT, 0), "CMS_get0_content"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ECONTENT_TYPE, 0),
+ "cms_get0_econtent_type"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ENVELOPED, 0), "cms_get0_enveloped"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_REVOCATION_CHOICES, 0),
+ "cms_get0_revocation_choices"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_SIGNED, 0), "cms_get0_signed"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_MSGSIGDIGEST_ADD1, 0),
+ "cms_msgSigDigest_add1"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPTREQUEST_CREATE0, 0),
"CMS_ReceiptRequest_create0"},
- {ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY), "cms_Receipt_verify"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT), "CMS_RecipientInfo_decrypt"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_ENCRYPT), "CMS_RecipientInfo_encrypt"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPT_VERIFY, 0), "cms_Receipt_verify"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_DECRYPT, 0),
+ "CMS_RecipientInfo_decrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 0),
+ "CMS_RecipientInfo_encrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, 0),
"cms_RecipientInfo_kari_encrypt"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 0),
"CMS_RecipientInfo_kari_get0_alg"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 0),
"CMS_RecipientInfo_kari_get0_orig_id"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 0),
"CMS_RecipientInfo_kari_get0_reks"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 0),
"CMS_RecipientInfo_kari_orig_id_cmp"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),
- "CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),
- "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 0),
+ "cms_RecipientInfo_kekri_decrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 0),
+ "cms_RecipientInfo_kekri_encrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, 0),
"CMS_RecipientInfo_kekri_get0_id"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, 0),
"CMS_RecipientInfo_kekri_id_cmp"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 0),
"CMS_RecipientInfo_ktri_cert_cmp"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),
- "CMS_RECIPIENTINFO_KTRI_DECRYPT"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),
- "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 0),
+ "cms_RecipientInfo_ktri_decrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 0),
+ "cms_RecipientInfo_ktri_encrypt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 0),
"CMS_RecipientInfo_ktri_get0_algs"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 0),
"CMS_RecipientInfo_ktri_get0_signer_id"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 0),
"cms_RecipientInfo_pwri_crypt"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_KEY, 0),
"CMS_RecipientInfo_set0_key"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, 0),
"CMS_RecipientInfo_set0_password"},
- {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 0),
"CMS_RecipientInfo_set0_pkey"},
- {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "CMS_SD_ASN1_CTRL"},
- {ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"},
- {ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"},
- {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"},
- {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"},
- {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"},
- {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"},
- {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),
- "CMS_SIGNERINFO_CONTENT_SIGN"},
- {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"},
- {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"},
- {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),
- "CMS_SIGNERINFO_VERIFY_CERT"},
- {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SD_ASN1_CTRL, 0), "cms_sd_asn1_ctrl"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_IAS, 0), "cms_set1_ias"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_KEYID, 0), "cms_set1_keyid"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_SIGNERIDENTIFIER, 0),
+ "cms_set1_SignerIdentifier"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET_DETACHED, 0), "CMS_set_detached"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN, 0), "CMS_sign"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNED_DATA_INIT, 0),
+ "cms_signed_data_init"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 0),
+ "cms_SignerInfo_content_sign"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_SIGN, 0),
+ "CMS_SignerInfo_sign"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY, 0),
+ "CMS_SignerInfo_verify"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 0),
+ "cms_signerinfo_verify_cert"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0),
"CMS_SignerInfo_verify_content"},
- {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
- {ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
- {ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
- {ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"},
+ {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"},
{0, NULL}
};
-static ERR_STRING_DATA CMS_str_reasons[] = {
- {ERR_REASON(CMS_R_ADD_SIGNER_ERROR), "add signer error"},
- {ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),
- "certificate already present"},
- {ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
- {ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
- {ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),
- "cipher initialisation error"},
- {ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
- "cipher parameter initialisation error"},
- {ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR), "cms datafinal error"},
- {ERR_REASON(CMS_R_CMS_LIB), "cms lib"},
- {ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),
- "contentidentifier mismatch"},
- {ERR_REASON(CMS_R_CONTENT_NOT_FOUND), "content not found"},
- {ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH), "content type mismatch"},
- {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
- "content type not compressed data"},
- {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
- "content type not enveloped data"},
- {ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
- "content type not signed data"},
- {ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR), "content verify error"},
- {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"},
- {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"},
- {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"},
- {ERR_REASON(CMS_R_DIGEST_ERROR), "digest error"},
- {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
- {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
- "error reading messagedigest attribute"},
- {ERR_REASON(CMS_R_ERROR_SETTING_KEY), "error setting key"},
- {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),
- "error setting recipientinfo"},
- {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
- "invalid encrypted key length"},
- {ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
- "invalid key encryption parameter"},
- {ERR_REASON(CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
- {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
- {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
- "messagedigest attribute wrong length"},
- {ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
- "messagedigest wrong length"},
- {ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
- {ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
- "msgsigdigest verification failure"},
- {ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
- "msgsigdigest wrong length"},
- {ERR_REASON(CMS_R_NEED_ONE_SIGNER), "need one signer"},
- {ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT), "not a signed receipt"},
- {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
- {ERR_REASON(CMS_R_NOT_KEK), "not kek"},
- {ERR_REASON(CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
- {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
- {ERR_REASON(CMS_R_NOT_PWRI), "not pwri"},
- {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
- "not supported for this key type"},
- {ERR_REASON(CMS_R_NO_CIPHER), "no cipher"},
- {ERR_REASON(CMS_R_NO_CONTENT), "no content"},
- {ERR_REASON(CMS_R_NO_CONTENT_TYPE), "no content type"},
- {ERR_REASON(CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
- {ERR_REASON(CMS_R_NO_DIGEST_SET), "no digest set"},
- {ERR_REASON(CMS_R_NO_KEY), "no key"},
- {ERR_REASON(CMS_R_NO_KEY_OR_CERT), "no key or cert"},
- {ERR_REASON(CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
- {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT), "no matching recipient"},
- {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE), "no matching signature"},
- {ERR_REASON(CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
- {ERR_REASON(CMS_R_NO_PASSWORD), "no password"},
- {ERR_REASON(CMS_R_NO_PRIVATE_KEY), "no private key"},
- {ERR_REASON(CMS_R_NO_PUBLIC_KEY), "no public key"},
- {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
- {ERR_REASON(CMS_R_NO_SIGNERS), "no signers"},
- {ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
- "private key does not match certificate"},
- {ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR), "receipt decode error"},
- {ERR_REASON(CMS_R_RECIPIENT_ERROR), "recipient error"},
- {ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
- "signer certificate not found"},
- {ERR_REASON(CMS_R_SIGNFINAL_ERROR), "signfinal error"},
- {ERR_REASON(CMS_R_SMIME_TEXT_ERROR), "smime text error"},
- {ERR_REASON(CMS_R_STORE_INIT_ERROR), "store init error"},
- {ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
- {ERR_REASON(CMS_R_TYPE_NOT_DATA), "type not data"},
- {ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
- {ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
- {ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
- {ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
- "unable to finalize context"},
- {ERR_REASON(CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
- {ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
- {ERR_REASON(CMS_R_UNKNOWN_ID), "unknown id"},
- {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
- "unsupported compression algorithm"},
- {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
- {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),
- "unsupported kek algorithm"},
- {ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
- "unsupported key encryption algorithm"},
- {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
- "unsupported recipient type"},
- {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),
- "unsupported recpientinfo type"},
- {ERR_REASON(CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
- {ERR_REASON(CMS_R_UNWRAP_ERROR), "unwrap error"},
- {ERR_REASON(CMS_R_UNWRAP_FAILURE), "unwrap failure"},
- {ERR_REASON(CMS_R_VERIFICATION_FAILURE), "verification failure"},
- {ERR_REASON(CMS_R_WRAP_ERROR), "wrap error"},
+static const ERR_STRING_DATA CMS_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
+ "certificate already present"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
+ "certificate has no keyid"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR),
+ "certificate verify error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR),
+ "cipher initialisation error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
+ "cipher parameter initialisation error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR),
+ "cms datafinal error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH),
+ "contentidentifier mismatch"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH),
+ "content type mismatch"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
+ "content type not compressed data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
+ "content type not enveloped data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
+ "content type not signed data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR),
+ "content verify error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY),
+ "error getting public key"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
+ "error reading messagedigest attribute"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
+ "error setting recipientinfo"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
+ "invalid encrypted key length"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
+ "invalid key encryption parameter"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
+ "messagedigest attribute wrong length"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
+ "messagedigest wrong length"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
+ "msgsigdigest verification failure"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
+ "msgsigdigest wrong length"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT),
+ "not a signed receipt"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+ "not supported for this key type"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT),
+ "no matching recipient"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE),
+ "no matching signature"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+ "private key does not match certificate"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR),
+ "receipt decode error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
+ "signer certificate not found"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA),
+ "type not compressed data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA),
+ "type not digested data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA),
+ "type not encrypted data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA),
+ "type not enveloped data"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
+ "unable to finalize context"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM),
+ "unknown digest algorithm"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+ "unsupported compression algorithm"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
+ "unsupported content type"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
+ "unsupported kek algorithm"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
+ "unsupported key encryption algorithm"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE),
+ "unsupported recipientinfo type"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
+ "unsupported recipient type"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE),
+ "verification failure"},
+ {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"},
{0, NULL}
};
#endif
-void ERR_load_CMS_strings(void)
+int ERR_load_CMS_strings(void)
{
#ifndef OPENSSL_NO_ERR
-
if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
- ERR_load_strings(0, CMS_str_functs);
- ERR_load_strings(0, CMS_str_reasons);
+ ERR_load_strings_const(CMS_str_functs);
+ ERR_load_strings_const(CMS_str_reasons);
}
#endif
+ return 1;
}
diff --git a/crypto/cms/cms_ess.c b/crypto/cms/cms_ess.c
index 8212560628a9..4780231c22bb 100644
--- a/crypto/cms/cms_ess.c
+++ b/crypto/cms/cms_ess.c
@@ -1,58 +1,13 @@
-/* crypto/cms/cms_ess.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/rand.h>
@@ -61,9 +16,6 @@
#include <openssl/cms.h>
#include "cms_lcl.h"
-DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
-DECLARE_ASN1_ITEM(CMS_Receipt)
-
IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
/* ESS services: for now just Signed Receipt related */
@@ -100,7 +52,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
CMS_ReceiptRequest *rr = NULL;
rr = CMS_ReceiptRequest_new();
- if (!rr)
+ if (rr == NULL)
goto merr;
if (id)
ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
@@ -128,9 +80,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
err:
- if (rr)
- CMS_ReceiptRequest_free(rr);
-
+ CMS_ReceiptRequest_free(rr);
return NULL;
}
@@ -154,8 +104,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
if (!r)
CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
- if (rrder)
- OPENSSL_free(rrder);
+ OPENSSL_free(rrder);
return r;
@@ -338,11 +287,8 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
r = 1;
err:
- if (rr)
- CMS_ReceiptRequest_free(rr);
- if (rct)
- M_ASN1_free_of(rct, CMS_Receipt);
-
+ CMS_ReceiptRequest_free(rr);
+ M_ASN1_free_of(rct, CMS_Receipt);
return r;
}
@@ -386,9 +332,6 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
err:
- if (rr)
- CMS_ReceiptRequest_free(rr);
-
+ CMS_ReceiptRequest_free(rr);
return os;
-
}
diff --git a/crypto/cms/cms_io.c b/crypto/cms/cms_io.c
index ec51f8e6807c..d18f980a9732 100644
--- a/crypto/cms/cms_io.c
+++ b/crypto/cms/cms_io.c
@@ -1,73 +1,28 @@
-/* crypto/cms/cms_io.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/err.h>
#include <openssl/pem.h>
-#include "cms.h"
+#include <openssl/cms.h>
#include "cms_lcl.h"
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
{
ASN1_OCTET_STRING **pos;
pos = CMS_get0_content(cms);
- if (!pos)
+ if (pos == NULL)
return 0;
- if (!*pos)
+ if (*pos == NULL)
*pos = ASN1_OCTET_STRING_new();
- if (*pos) {
+ if (*pos != NULL) {
(*pos)->flags |= ASN1_STRING_FLAG_NDEF;
(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
*boundary = &(*pos)->data;
diff --git a/crypto/cms/cms_kari.c b/crypto/cms/cms_kari.c
index ee283172d3d8..3bc46febf640 100644
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@@ -1,72 +1,21 @@
-/* crypto/cms/cms_kari.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2013 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
-#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
-
-DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
-DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
-DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
-DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+#include "internal/asn1_int.h"
/* Key Agreement Recipient Info (KARI) routines */
@@ -207,10 +156,9 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
{
EVP_PKEY_CTX *pctx;
CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
- if (kari->pctx) {
- EVP_PKEY_CTX_free(kari->pctx);
- kari->pctx = NULL;
- }
+
+ EVP_PKEY_CTX_free(kari->pctx);
+ kari->pctx = NULL;
if (!pk)
return 1;
pctx = EVP_PKEY_CTX_new(pk, NULL);
@@ -219,15 +167,14 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
kari->pctx = pctx;
return 1;
err:
- if (pctx)
- EVP_PKEY_CTX_free(pctx);
+ EVP_PKEY_CTX_free(pctx);
return 0;
}
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
{
if (ri->type == CMS_RECIPINFO_AGREE)
- return &ri->d.kari->ctx;
+ return ri->d.kari->ctx;
return NULL;
}
@@ -246,22 +193,22 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
int rv = 0;
unsigned char *out = NULL;
int outlen;
- keklen = EVP_CIPHER_CTX_key_length(&kari->ctx);
+ keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
if (keklen > EVP_MAX_KEY_LENGTH)
return 0;
/* Derive KEK */
if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
goto err;
/* Set KEK in context */
- if (!EVP_CipherInit_ex(&kari->ctx, NULL, NULL, kek, NULL, enc))
+ if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
goto err;
/* obtain output length of ciphered key */
- if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen))
+ if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
goto err;
out = OPENSSL_malloc(outlen);
- if (!out)
+ if (out == NULL)
goto err;
- if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen))
+ if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
goto err;
*pout = out;
*poutlen = (size_t)outlen;
@@ -269,9 +216,10 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
err:
OPENSSL_cleanse(kek, keklen);
- if (!rv && out)
+ if (!rv)
OPENSSL_free(out);
- EVP_CIPHER_CTX_cleanup(&kari->ctx);
+ EVP_CIPHER_CTX_reset(kari->ctx);
+ /* FIXME: WHY IS kari->pctx freed here? /RL */
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
return rv;
@@ -295,17 +243,13 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
goto err;
ec = cms->d.envelopedData->encryptedContentInfo;
- if (ec->key) {
- OPENSSL_cleanse(ec->key, ec->keylen);
- OPENSSL_free(ec->key);
- }
+ OPENSSL_clear_free(ec->key, ec->keylen);
ec->key = cek;
ec->keylen = ceklen;
cek = NULL;
rv = 1;
err:
- if (cek)
- OPENSSL_free(cek);
+ OPENSSL_free(cek);
return rv;
}
@@ -332,10 +276,9 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
kari->pctx = pctx;
rv = 1;
err:
- if (!rv && pctx)
+ if (!rv)
EVP_PKEY_CTX_free(pctx);
- if (ekey)
- EVP_PKEY_free(ekey);
+ EVP_PKEY_free(ekey);
return rv;
}
@@ -378,7 +321,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
if (!cms_kari_create_ephemeral_key(kari, pk))
return 0;
- CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
+ EVP_PKEY_up_ref(pk);
rek->pkey = pk;
return 1;
}
@@ -386,7 +329,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
const EVP_CIPHER *cipher)
{
- EVP_CIPHER_CTX *ctx = &kari->ctx;
+ EVP_CIPHER_CTX *ctx = kari->ctx;
const EVP_CIPHER *kekcipher;
int keylen = EVP_CIPHER_key_length(cipher);
/* If a suitable wrap algorithm is already set nothing to do */
@@ -437,7 +380,7 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
if (!cms_wrap_init(kari, ec->cipher))
return 0;
/*
- * If no orignator key set up initialise for ephemeral key the public key
+ * If no originator key set up initialise for ephemeral key the public key
* ASN1 structure will set the actual public key value.
*/
if (kari->originator->type == -1) {
diff --git a/crypto/cms/cms_lcl.h b/crypto/cms/cms_lcl.h
index 20f2c25f5ae9..916fcbfbe190 100644
--- a/crypto/cms/cms_lcl.h
+++ b/crypto/cms/cms_lcl.h
@@ -1,64 +1,15 @@
-/* crypto/cms/cms_lcl.h */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#ifndef HEADER_CMS_LCL_H
# define HEADER_CMS_LCL_H
-#ifdef __cplusplus
-extern "C" {
-#endif
-
# include <openssl/x509.h>
/*
@@ -109,8 +60,10 @@ struct CMS_ContentInfo_st {
} d;
};
+DEFINE_STACK_OF(CMS_CertificateChoices)
+
struct CMS_SignedData_st {
- long version;
+ int32_t version;
STACK_OF(X509_ALGOR) *digestAlgorithms;
CMS_EncapsulatedContentInfo *encapContentInfo;
STACK_OF(CMS_CertificateChoices) *certificates;
@@ -126,7 +79,7 @@ struct CMS_EncapsulatedContentInfo_st {
};
struct CMS_SignerInfo_st {
- long version;
+ int32_t version;
CMS_SignerIdentifier *sid;
X509_ALGOR *digestAlgorithm;
STACK_OF(X509_ATTRIBUTE) *signedAttrs;
@@ -137,7 +90,7 @@ struct CMS_SignerInfo_st {
X509 *signer;
EVP_PKEY *pkey;
/* Digest and public key context for alternative parameters */
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx;
EVP_PKEY_CTX *pctx;
};
@@ -150,7 +103,7 @@ struct CMS_SignerIdentifier_st {
};
struct CMS_EnvelopedData_st {
- long version;
+ int32_t version;
CMS_OriginatorInfo *originatorInfo;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
CMS_EncryptedContentInfo *encryptedContentInfo;
@@ -188,7 +141,7 @@ struct CMS_RecipientInfo_st {
typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
struct CMS_KeyTransRecipientInfo_st {
- long version;
+ int32_t version;
CMS_RecipientIdentifier *rid;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -200,7 +153,7 @@ struct CMS_KeyTransRecipientInfo_st {
};
struct CMS_KeyAgreeRecipientInfo_st {
- long version;
+ int32_t version;
CMS_OriginatorIdentifierOrKey *originator;
ASN1_OCTET_STRING *ukm;
X509_ALGOR *keyEncryptionAlgorithm;
@@ -208,7 +161,7 @@ struct CMS_KeyAgreeRecipientInfo_st {
/* Public key context associated with current operation */
EVP_PKEY_CTX *pctx;
/* Cipher context for CEK wrapping */
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
};
struct CMS_OriginatorIdentifierOrKey_st {
@@ -247,7 +200,7 @@ struct CMS_RecipientKeyIdentifier_st {
};
struct CMS_KEKRecipientInfo_st {
- long version;
+ int32_t version;
CMS_KEKIdentifier *kekid;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -263,7 +216,7 @@ struct CMS_KEKIdentifier_st {
};
struct CMS_PasswordRecipientInfo_st {
- long version;
+ int32_t version;
X509_ALGOR *keyDerivationAlgorithm;
X509_ALGOR *keyEncryptionAlgorithm;
ASN1_OCTET_STRING *encryptedKey;
@@ -278,20 +231,20 @@ struct CMS_OtherRecipientInfo_st {
};
struct CMS_DigestedData_st {
- long version;
+ int32_t version;
X509_ALGOR *digestAlgorithm;
CMS_EncapsulatedContentInfo *encapContentInfo;
ASN1_OCTET_STRING *digest;
};
struct CMS_EncryptedData_st {
- long version;
+ int32_t version;
CMS_EncryptedContentInfo *encryptedContentInfo;
STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
};
struct CMS_AuthenticatedData_st {
- long version;
+ int32_t version;
CMS_OriginatorInfo *originatorInfo;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
X509_ALGOR *macAlgorithm;
@@ -303,7 +256,7 @@ struct CMS_AuthenticatedData_st {
};
struct CMS_CompressedData_st {
- long version;
+ int32_t version;
X509_ALGOR *compressionAlgorithm;
STACK_OF(CMS_RecipientInfo) *recipientInfos;
CMS_EncapsulatedContentInfo *encapContentInfo;
@@ -375,14 +328,14 @@ struct CMS_ReceiptRequest_st {
struct CMS_ReceiptsFrom_st {
int type;
union {
- long allOrFirstTier;
+ int32_t allOrFirstTier;
STACK_OF(GENERAL_NAMES) *receiptList;
} d;
};
# endif
struct CMS_Receipt_st {
- long version;
+ int32_t version;
ASN1_OBJECT *contentType;
ASN1_OCTET_STRING *signedContentIdentifier;
ASN1_OCTET_STRING *originatorSignatureValue;
@@ -431,7 +384,6 @@ int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
X509_ALGOR *mdalg);
@@ -465,7 +417,21 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
int en_de);
-#ifdef __cplusplus
-}
-#endif
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
+DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_ASN1_ITEM(CMS_SignedData)
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
#endif
diff --git a/crypto/cms/cms_lib.c b/crypto/cms/cms_lib.c
index 6d27c4969b92..c2cac260109d 100644
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@@ -1,55 +1,10 @@
-/* crypto/cms/cms_lib.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
#include <openssl/asn1t.h>
@@ -58,18 +13,13 @@
#include <openssl/pem.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
-#include "cms.h"
+#include <openssl/cms.h>
#include "cms_lcl.h"
IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
-DECLARE_ASN1_ITEM(CMS_CertificateChoices)
-DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
-DECLARE_STACK_OF(CMS_CertificateChoices)
-DECLARE_STACK_OF(CMS_RevocationInfoChoice)
-
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
{
return cms->contentType;
}
@@ -78,7 +28,7 @@ CMS_ContentInfo *cms_Data_create(void)
{
CMS_ContentInfo *cms;
cms = CMS_ContentInfo_new();
- if (cms) {
+ if (cms != NULL) {
cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
/* Never detached */
CMS_set_detached(cms, 0);
@@ -159,7 +109,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
if (!pos)
return 0;
- /* If ebmedded content find memory BIO and set content */
+ /* If embedded content find memory BIO and set content */
if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
BIO *mbio;
unsigned char *cont;
@@ -314,15 +264,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
if (!pos)
return 0;
if (detached) {
- if (*pos) {
- ASN1_OCTET_STRING_free(*pos);
- *pos = NULL;
- }
+ ASN1_OCTET_STRING_free(*pos);
+ *pos = NULL;
return 1;
}
- if (!*pos)
+ if (*pos == NULL)
*pos = ASN1_OCTET_STRING_new();
- if (*pos) {
+ if (*pos != NULL) {
/*
* NB: special flag to show content is created and not read in.
*/
@@ -333,44 +281,28 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
return 0;
}
-/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
-{
- int param_type;
-
- if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
- param_type = V_ASN1_UNDEF;
- else
- param_type = V_ASN1_NULL;
-
- X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
-
-}
-
/* Create a digest BIO from an X509_ALGOR structure */
BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
{
BIO *mdbio = NULL;
- ASN1_OBJECT *digestoid;
+ const ASN1_OBJECT *digestoid;
const EVP_MD *digest;
X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
digest = EVP_get_digestbyobj(digestoid);
if (!digest) {
CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
- CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+ CMS_R_UNKNOWN_DIGEST_ALGORITHM);
goto err;
}
mdbio = BIO_new(BIO_f_md());
- if (!mdbio || !BIO_set_md(mdbio, digest)) {
+ if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
goto err;
}
return mdbio;
err:
- if (mdbio)
- BIO_free(mdbio);
+ BIO_free(mdbio);
return NULL;
}
@@ -380,7 +312,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
X509_ALGOR *mdalg)
{
int nid;
- ASN1_OBJECT *mdoid;
+ const ASN1_OBJECT *mdoid;
X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
nid = OBJ_obj2nid(mdoid);
/* Look for digest type to match signature */
@@ -477,7 +409,7 @@ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
int r;
r = CMS_add0_cert(cms, cert);
if (r > 0)
- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(cert);
return r;
}
@@ -539,7 +471,7 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
int r;
r = CMS_add0_crl(cms, crl);
if (r > 0)
- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ X509_CRL_up_ref(crl);
return r;
}
@@ -564,7 +496,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
sk_X509_pop_free(certs, X509_free);
return NULL;
}
- CRYPTO_add(&cch->d.certificate->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(cch->d.certificate);
}
}
return certs;
@@ -592,7 +524,7 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
sk_X509_CRL_pop_free(crls, X509_CRL_free);
return NULL;
}
- CRYPTO_add(&rch->d.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ X509_CRL_up_ref(rch->d.crl);
}
}
return crls;
@@ -609,10 +541,11 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
{
- X509_check_purpose(cert, -1, -1);
- if (!cert->skid)
+ const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+
+ if (cert_keyid == NULL)
return -1;
- return ASN1_OCTET_STRING_cmp(keyid, cert->skid);
+ return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
}
int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
@@ -625,13 +558,11 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
goto err;
if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
goto err;
- if (*pias)
- M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+ M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
*pias = ias;
return 1;
err:
- if (ias)
- M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+ M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -639,18 +570,18 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
ASN1_OCTET_STRING *keyid = NULL;
- X509_check_purpose(cert, -1, -1);
- if (!cert->skid) {
+ const ASN1_OCTET_STRING *cert_keyid;
+ cert_keyid = X509_get0_subject_key_id(cert);
+ if (cert_keyid == NULL) {
CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
return 0;
}
- keyid = ASN1_STRING_dup(cert->skid);
+ keyid = ASN1_STRING_dup(cert_keyid);
if (!keyid) {
CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
return 0;
}
- if (*pkeyid)
- ASN1_OCTET_STRING_free(*pkeyid);
+ ASN1_OCTET_STRING_free(*pkeyid);
*pkeyid = keyid;
return 1;
}
diff --git a/crypto/cms/cms_pwri.c b/crypto/cms/cms_pwri.c
index 5c817caf2f05..eac9c2fc862e 100644
--- a/crypto/cms/cms_pwri.c
+++ b/crypto/cms/cms_pwri.c
@@ -1,58 +1,13 @@
-/* crypto/cms/cms_pwri.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2009 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
@@ -61,7 +16,7 @@
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
unsigned char *pass, ossl_ssize_t passlen)
@@ -90,7 +45,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri = NULL;
CMS_EnvelopedData *env;
CMS_PasswordRecipientInfo *pwri;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx = NULL;
X509_ALGOR *encalg = NULL;
unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
@@ -124,19 +79,19 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
if (encalg == NULL) {
goto merr;
}
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
- if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
+ if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
- ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
+ ivlen = EVP_CIPHER_CTX_iv_length(ctx);
if (ivlen > 0) {
if (RAND_bytes(iv, ivlen) <= 0)
goto err;
- if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
+ if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
goto err;
}
@@ -145,24 +100,25 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
+ if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
}
}
- encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
+ encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
+ ctx = NULL;
/* Initialize recipient info */
ri = M_ASN1_new_of(CMS_RecipientInfo);
- if (!ri)
+ if (ri == NULL)
goto merr;
ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
- if (!ri->d.pwri)
+ if (ri->d.pwri == NULL)
goto merr;
ri->type = CMS_RECIPINFO_PASS;
@@ -170,11 +126,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
/* Since this is overwritten, free up empty structure already there */
X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
- if (!pwri->keyEncryptionAlgorithm)
+ if (pwri->keyEncryptionAlgorithm == NULL)
goto merr;
pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
- if (!pwri->keyEncryptionAlgorithm->parameter)
+ if (pwri->keyEncryptionAlgorithm->parameter == NULL)
goto merr;
if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
@@ -204,11 +160,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
merr:
CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
err:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
if (ri)
M_ASN1_free_of(ri, CMS_RecipientInfo);
- if (encalg)
- X509_ALGOR_free(encalg);
+ X509_ALGOR_free(encalg);
return NULL;
}
@@ -233,25 +188,28 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
/* Invalid size */
return 0;
}
- tmp = OPENSSL_malloc(inlen);
- if (!tmp)
+ if ((tmp = OPENSSL_malloc(inlen)) == NULL) {
+ CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE);
return 0;
+ }
/* setup IV by decrypting last two blocks */
- EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
- in + inlen - 2 * blocklen, blocklen * 2);
- /*
- * Do a decrypt of last decrypted block to set IV to correct value output
- * it to start of buffer so we don't corrupt decrypted block this works
- * because buffer is at least two block lengths long.
- */
- EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen);
- /* Can now decrypt first n - 1 blocks */
- EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
-
- /* Reset IV to original value */
- EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
- /* Decrypt again */
- EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
+ if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+ in + inlen - 2 * blocklen, blocklen * 2)
+ /*
+ * Do a decrypt of last decrypted block to set IV to correct value
+ * output it to start of buffer so we don't corrupt decrypted block
+ * this works because buffer is at least two block lengths long.
+ */
+ || !EVP_DecryptUpdate(ctx, tmp, &outl,
+ tmp + inlen - blocklen, blocklen)
+ /* Can now decrypt first n - 1 blocks */
+ || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
+
+ /* Reset IV to original value */
+ || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
+ /* Decrypt again */
+ || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+ goto err;
/* Check check bytes */
if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
/* Check byte failure */
@@ -265,8 +223,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
memcpy(out, tmp + 4, *outlen);
rv = 1;
err:
- OPENSSL_cleanse(tmp, inlen);
- OPENSSL_free(tmp);
+ OPENSSL_clear_free(tmp, inlen);
return rv;
}
@@ -304,8 +261,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
&& RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
return 0;
/* Encrypt twice */
- EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
- EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
+ if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
+ || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+ return 0;
}
*outlen = olen;
@@ -320,11 +278,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
{
CMS_EncryptedContentInfo *ec;
CMS_PasswordRecipientInfo *pwri;
- const unsigned char *p = NULL;
- int plen;
int r = 0;
X509_ALGOR *algtmp, *kekalg = NULL;
- EVP_CIPHER_CTX kekctx;
+ EVP_CIPHER_CTX *kekctx = NULL;
const EVP_CIPHER *kekcipher;
unsigned char *key = NULL;
size_t keylen;
@@ -332,7 +288,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
ec = cms->d.envelopedData->encryptedContentInfo;
pwri = ri->d.pwri;
- EVP_CIPHER_CTX_init(&kekctx);
if (!pwri->pass) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
@@ -346,11 +301,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
return 0;
}
- if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
- p = algtmp->parameter->value.sequence->data;
- plen = algtmp->parameter->value.sequence->length;
- kekalg = d2i_X509_ALGOR(NULL, &p, plen);
- }
+ kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+ algtmp->parameter);
+
if (kekalg == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
@@ -361,14 +314,19 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (!kekcipher) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
- goto err;
+ return 0;
}
+ kekctx = EVP_CIPHER_CTX_new();
+ if (kekctx == NULL) {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
- if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
+ if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
goto err;
- EVP_CIPHER_CTX_set_padding(&kekctx, 0);
- if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
+ EVP_CIPHER_CTX_set_padding(kekctx, 0);
+ if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
goto err;
@@ -380,7 +338,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (EVP_PBE_CipherInit(algtmp->algorithm,
(char *)pwri->pass, pwri->passlen,
- algtmp->parameter, &kekctx, en_de) < 0) {
+ algtmp->parameter, kekctx, en_de) < 0) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
goto err;
}
@@ -389,28 +347,28 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
if (en_de) {
- if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
+ if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
goto err;
key = OPENSSL_malloc(keylen);
- if (!key)
+ if (key == NULL)
goto err;
- if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx))
+ if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
goto err;
pwri->encryptedKey->data = key;
pwri->encryptedKey->length = keylen;
} else {
key = OPENSSL_malloc(pwri->encryptedKey->length);
- if (!key) {
+ if (key == NULL) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!kek_unwrap_key(key, &keylen,
pwri->encryptedKey->data,
- pwri->encryptedKey->length, &kekctx)) {
+ pwri->encryptedKey->length, kekctx)) {
CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
goto err;
}
@@ -424,9 +382,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
err:
- EVP_CIPHER_CTX_cleanup(&kekctx);
+ EVP_CIPHER_CTX_free(kekctx);
- if (!r && key)
+ if (!r)
OPENSSL_free(key);
X509_ALGOR_free(kekalg);
diff --git a/crypto/cms/cms_sd.c b/crypto/cms/cms_sd.c
index a41aca8e1277..ff2d540b6a30 100644
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@@ -1,58 +1,13 @@
-/* crypto/cms/cms_sd.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
*
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
@@ -60,12 +15,11 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+#include "internal/evp_int.h"
/* CMS SignedData Utilities */
-DECLARE_ASN1_ITEM(CMS_SignedData)
-
static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
{
if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
@@ -94,7 +48,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
return cms_get0_signed(cms);
}
-/* Just initialize SignedData e.g. for certs only structure */
+/* Just initialise SignedData e.g. for certs only structure */
int CMS_SignedData_init(CMS_ContentInfo *cms)
{
@@ -282,16 +236,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
si = M_ASN1_new_of(CMS_SignerInfo);
if (!si)
goto merr;
+ /* Call for side-effect of computing hash and caching extensions */
X509_check_purpose(signer, -1, -1);
- CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY);
- CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
+ X509_up_ref(signer);
+ EVP_PKEY_up_ref(pk);
si->pkey = pk;
si->signer = signer;
- EVP_MD_CTX_init(&si->mctx);
+ si->mctx = EVP_MD_CTX_new();
si->pctx = NULL;
+ if (si->mctx == NULL) {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
if (flags & CMS_USE_KEYID) {
si->version = 3;
if (sd->version < 3)
@@ -321,11 +281,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err;
}
- cms_DigestAlgorithm_set(si->digestAlgorithm, md);
+ X509_ALGOR_set_md(si->digestAlgorithm, md);
/* See if digest is present in digestAlgorithms */
for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
- ASN1_OBJECT *aoid;
+ const ASN1_OBJECT *aoid;
alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
X509_ALGOR_get0(&aoid, NULL, NULL, alg);
if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
@@ -334,9 +294,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
alg = X509_ALGOR_new();
- if (!alg)
+ if (alg == NULL)
goto merr;
- cms_DigestAlgorithm_set(alg, md);
+ X509_ALGOR_set_md(alg, md);
if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
X509_ALGOR_free(alg);
goto merr;
@@ -347,7 +307,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
goto err;
if (!(flags & CMS_NOATTR)) {
/*
- * Initialialize signed attributes strutucture so other attributes
+ * Initialize signed attributes structure so other attributes
* such as signing time etc are added later even if we add none here.
*/
if (!si->signedAttrs) {
@@ -383,13 +343,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (flags & CMS_KEY_PARAM) {
if (flags & CMS_NOATTR) {
si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
- if (!si->pctx)
+ if (si->pctx == NULL)
goto err;
if (EVP_PKEY_sign_init(si->pctx) <= 0)
goto err;
if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
goto err;
- } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <=
+ } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
0)
goto err;
}
@@ -404,8 +364,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
merr:
CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
err:
- if (si)
- M_ASN1_free_of(si, CMS_SignerInfo);
+ M_ASN1_free_of(si, CMS_SignerInfo);
return NULL;
}
@@ -447,7 +406,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
{
- return &si->mctx;
+ return si->mctx;
}
STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
@@ -486,13 +445,11 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
{
if (signer) {
- CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
- if (si->pkey)
- EVP_PKEY_free(si->pkey);
+ X509_up_ref(signer);
+ EVP_PKEY_free(si->pkey);
si->pkey = X509_get_pubkey(signer);
}
- if (si->signer)
- X509_free(si->signer);
+ X509_free(si->signer);
si->signer = signer;
}
@@ -576,19 +533,23 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
CMS_SignerInfo *si, BIO *chain)
{
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
int r = 0;
EVP_PKEY_CTX *pctx = NULL;
- EVP_MD_CTX_init(&mctx);
+
+ if (mctx == NULL) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
if (!si->pkey) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
- return 0;
+ goto err;
}
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err;
- /* Set SignerInfo algortihm details if we used custom parametsr */
+ /* Set SignerInfo algorithm details if we used custom parameter */
if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
goto err;
@@ -601,7 +562,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
cms->d.signedData->encapContentInfo->eContentType;
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
- if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+ if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
V_ASN1_OCTET_STRING, md, mdlen))
@@ -618,26 +579,28 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
unsigned char md[EVP_MAX_MD_SIZE];
unsigned int mdlen;
pctx = si->pctx;
- if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+ if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
goto err;
siglen = EVP_PKEY_size(si->pkey);
sig = OPENSSL_malloc(siglen);
- if (!sig) {
+ if (sig == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0)
+ if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
+ OPENSSL_free(sig);
goto err;
+ }
ASN1_STRING_set0(si->signature, sig, siglen);
} else {
unsigned char *sig;
unsigned int siglen;
sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
- if (!sig) {
+ if (sig == NULL) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
+ if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
OPENSSL_free(sig);
goto err;
@@ -648,9 +611,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
r = 1;
err:
- EVP_MD_CTX_cleanup(&mctx);
- if (pctx)
- EVP_PKEY_CTX_free(pctx);
+ EVP_MD_CTX_free(mctx);
+ EVP_PKEY_CTX_free(pctx);
return r;
}
@@ -672,8 +634,8 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
int CMS_SignerInfo_sign(CMS_SignerInfo *si)
{
- EVP_MD_CTX *mctx = &si->mctx;
- EVP_PKEY_CTX *pctx;
+ EVP_MD_CTX *mctx = si->mctx;
+ EVP_PKEY_CTX *pctx = NULL;
unsigned char *abuf = NULL;
int alen;
size_t siglen;
@@ -691,9 +653,10 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
if (si->pctx)
pctx = si->pctx;
else {
- EVP_MD_CTX_init(mctx);
+ EVP_MD_CTX_reset(mctx);
if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
goto err;
+ si->pctx = pctx;
}
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
@@ -712,7 +675,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
goto err;
OPENSSL_free(abuf);
abuf = OPENSSL_malloc(siglen);
- if (!abuf)
+ if (abuf == NULL)
goto err;
if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
goto err;
@@ -723,23 +686,22 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
goto err;
}
- EVP_MD_CTX_cleanup(mctx);
+ EVP_MD_CTX_reset(mctx);
ASN1_STRING_set0(si->signature, abuf, siglen);
return 1;
err:
- if (abuf)
- OPENSSL_free(abuf);
- EVP_MD_CTX_cleanup(mctx);
+ OPENSSL_free(abuf);
+ EVP_MD_CTX_reset(mctx);
return 0;
}
int CMS_SignerInfo_verify(CMS_SignerInfo *si)
{
- EVP_MD_CTX *mctx = &si->mctx;
+ EVP_MD_CTX *mctx = NULL;
unsigned char *abuf = NULL;
int alen, r = -1;
const EVP_MD *md = NULL;
@@ -752,7 +714,11 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
if (md == NULL)
return -1;
- EVP_MD_CTX_init(mctx);
+ if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ mctx = si->mctx;
if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
goto err;
@@ -774,7 +740,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
if (r <= 0)
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
err:
- EVP_MD_CTX_cleanup(mctx);
+ EVP_MD_CTX_reset(mctx);
return r;
}
@@ -804,20 +770,23 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
}
return chain;
err:
- if (chain)
- BIO_free_all(chain);
+ BIO_free_all(chain);
return NULL;
}
int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
{
ASN1_OCTET_STRING *os = NULL;
- EVP_MD_CTX mctx;
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
EVP_PKEY_CTX *pkctx = NULL;
int r = -1;
unsigned char mval[EVP_MAX_MD_SIZE];
unsigned int mlen;
- EVP_MD_CTX_init(&mctx);
+
+ if (mctx == NULL) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
/* If we have any signed attributes look for messageDigest value */
if (CMS_signed_get_attr_count(si) >= 0) {
os = CMS_signed_get0_data_by_OBJ(si,
@@ -830,10 +799,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
}
}
- if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
+ if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err;
- if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
+ if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
goto err;
@@ -855,7 +824,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
} else
r = 1;
} else {
- const EVP_MD *md = EVP_MD_CTX_md(&mctx);
+ const EVP_MD *md = EVP_MD_CTX_md(mctx);
pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
if (pkctx == NULL)
goto err;
@@ -876,9 +845,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
}
err:
- if (pkctx)
- EVP_PKEY_CTX_free(pkctx);
- EVP_MD_CTX_cleanup(&mctx);
+ EVP_PKEY_CTX_free(pkctx);
+ EVP_MD_CTX_free(mctx);
return r;
}
@@ -903,21 +871,20 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
ASN1_INTEGER *key = NULL;
if (keysize > 0) {
key = ASN1_INTEGER_new();
- if (!key || !ASN1_INTEGER_set(key, keysize))
+ if (key == NULL || !ASN1_INTEGER_set(key, keysize))
return 0;
}
alg = X509_ALGOR_new();
- if (!alg) {
- if (key)
- ASN1_INTEGER_free(key);
+ if (alg == NULL) {
+ ASN1_INTEGER_free(key);
return 0;
}
X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
- if (!*algs)
+ if (*algs == NULL)
*algs = sk_X509_ALGOR_new_null();
- if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) {
+ if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
X509_ALGOR_free(alg);
return 0;
}
@@ -943,6 +910,8 @@ static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
{
if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c
index 07e3472e1079..5dcf803f4bd3 100644
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@@ -1,81 +1,43 @@
-/* crypto/cms/cms_smime.c */
/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project.
- */
-/* ====================================================================
- * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
*
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
-#include "cryptlib.h"
+#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
-#include "asn1_locl.h"
+#include "internal/asn1_int.h"
+
+static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
+{
+ BIO *rbio;
+ if (out == NULL)
+ rbio = BIO_new(BIO_s_null());
+ else if (flags & CMS_TEXT) {
+ rbio = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(rbio, 0);
+ } else
+ rbio = out;
+ return rbio;
+}
static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
{
unsigned char buf[4096];
int r = 0, i;
- BIO *tmpout = NULL;
+ BIO *tmpout;
- if (out == NULL)
- tmpout = BIO_new(BIO_s_null());
- else if (flags & CMS_TEXT) {
- tmpout = BIO_new(BIO_s_mem());
- BIO_set_mem_eof_return(tmpout, 0);
- } else
- tmpout = out;
+ tmpout = cms_get_text_bio(out, flags);
- if (!tmpout) {
+ if (tmpout == NULL) {
CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -107,7 +69,7 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
r = 1;
err:
- if (tmpout && (tmpout != out))
+ if (tmpout != out)
BIO_free(tmpout);
return r;
@@ -246,7 +208,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
return NULL;
}
cms = CMS_ContentInfo_new();
- if (!cms)
+ if (cms == NULL)
return NULL;
if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
return NULL;
@@ -265,24 +227,28 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
X509_STORE *store,
STACK_OF(X509) *certs,
- STACK_OF(X509_CRL) *crls,
- unsigned int flags)
+ STACK_OF(X509_CRL) *crls)
{
- X509_STORE_CTX ctx;
+ X509_STORE_CTX *ctx = X509_STORE_CTX_new();
X509 *signer;
int i, j, r = 0;
+
+ if (ctx == NULL) {
+ CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
- if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) {
+ if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR);
goto err;
}
- X509_STORE_CTX_set_default(&ctx, "smime_sign");
+ X509_STORE_CTX_set_default(ctx, "smime_sign");
if (crls)
- X509_STORE_CTX_set0_crls(&ctx, crls);
+ X509_STORE_CTX_set0_crls(ctx, crls);
- i = X509_verify_cert(&ctx);
+ i = X509_verify_cert(ctx);
if (i <= 0) {
- j = X509_STORE_CTX_get_error(&ctx);
+ j = X509_STORE_CTX_get_error(ctx);
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
CMS_R_CERTIFICATE_VERIFY_ERROR);
ERR_add_error_data(2, "Verify error:",
@@ -291,7 +257,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
}
r = 1;
err:
- X509_STORE_CTX_cleanup(&ctx);
+ X509_STORE_CTX_free(ctx);
return r;
}
@@ -305,10 +271,15 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
STACK_OF(X509_CRL) *crls = NULL;
X509 *signer;
int i, scount = 0, ret = 0;
- BIO *cmsbio = NULL, *tmpin = NULL;
+ BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
if (!dcont && !check_content(cms))
return 0;
+ if (dcont && !(flags & CMS_BINARY)) {
+ const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
+ if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
+ flags |= CMS_ASCIICRLF;
+ }
/* Attempt to find all signer certificates */
@@ -342,8 +313,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
crls = CMS_get1_crls(cms);
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
- if (!cms_signerinfo_verify_cert(si, store,
- cms_certs, crls, flags))
+ if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
goto err;
}
}
@@ -378,14 +348,44 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
}
} else
tmpin = dcont;
+ /*
+ * If not binary mode and detached generate digests by *writing* through
+ * the BIO. That makes it possible to canonicalise the input.
+ */
+ if (!(flags & SMIME_BINARY) && dcont) {
+ /*
+ * Create output BIO so we can either handle text or to ensure
+ * included content doesn't override detached content.
+ */
+ tmpout = cms_get_text_bio(out, flags);
+ if (!tmpout) {
+ CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ cmsbio = CMS_dataInit(cms, tmpout);
+ if (!cmsbio)
+ goto err;
+ /*
+ * Don't use SMIME_TEXT for verify: it adds headers and we want to
+ * remove them.
+ */
+ SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT);
- cmsbio = CMS_dataInit(cms, tmpin);
- if (!cmsbio)
- goto err;
+ if (flags & CMS_TEXT) {
+ if (!SMIME_text(tmpout, out)) {
+ CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
+ goto err;
+ }
+ }
+ } else {
+ cmsbio = CMS_dataInit(cms, tmpin);
+ if (!cmsbio)
+ goto err;
- if (!cms_copy_content(out, cmsbio, flags))
- goto err;
+ if (!cms_copy_content(out, cmsbio, flags))
+ goto err;
+ }
if (!(flags & CMS_NO_CONTENT_VERIFY)) {
for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
si = sk_CMS_SignerInfo_value(sinfos, i);
@@ -399,17 +399,23 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
ret = 1;
err:
+ if (!(flags & SMIME_BINARY) && dcont) {
+ do_free_upto(cmsbio, tmpout);
+ if (tmpin != dcont)
+ BIO_free(tmpin);
+ } else {
+ if (dcont && (tmpin == dcont))
+ do_free_upto(cmsbio, dcont);
+ else
+ BIO_free_all(cmsbio);
+ }
- if (dcont && (tmpin == dcont))
- do_free_upto(cmsbio, dcont);
- else
- BIO_free_all(cmsbio);
+ if (out != tmpout)
+ BIO_free_all(tmpout);
err2:
- if (cms_certs)
- sk_X509_pop_free(cms_certs, X509_free);
- if (crls)
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
+ sk_X509_pop_free(cms_certs, X509_free);
+ sk_X509_CRL_pop_free(crls, X509_CRL_free);
return ret;
}
@@ -434,8 +440,12 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
int i;
cms = CMS_ContentInfo_new();
- if (!cms || !CMS_SignedData_init(cms))
+ if (cms == NULL || !CMS_SignedData_init(cms))
goto merr;
+ if (flags & CMS_ASCIICRLF
+ && !CMS_set1_eContentType(cms,
+ OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
+ goto err;
if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
@@ -461,8 +471,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
err:
- if (cms)
- CMS_ContentInfo_free(cms);
+ CMS_ContentInfo_free(cms);
return NULL;
}
@@ -526,8 +535,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
r = 1;
err:
- if (rct_cont)
- BIO_free(rct_cont);
+ BIO_free(rct_cont);
if (r)
return cms;
CMS_ContentInfo_free(cms);
@@ -564,8 +572,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
merr:
CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
err:
- if (cms)
- CMS_ContentInfo_free(cms);
+ CMS_ContentInfo_free(cms);
return NULL;
}
@@ -576,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
STACK_OF(CMS_RecipientEncryptedKey) *reks;
CMS_RecipientEncryptedKey *rek;
reks = CMS_RecipientInfo_kari_get0_reks(ri);
- if (!cert)
- return 0;
for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
int rv;
rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
- if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+ if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
continue;
CMS_RecipientInfo_kari_set0_pkey(ri, pk);
rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
if (rv > 0)
return 1;
- return -1;
+ return cert == NULL ? 0 : -1;
}
return 0;
}
@@ -626,6 +631,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
* all.
*/
else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+ EVP_PKEY_up_ref(pk);
CMS_RecipientInfo_set0_pkey(ri, pk);
r = CMS_RecipientInfo_decrypt(cms, ri);
CMS_RecipientInfo_set0_pkey(ri, NULL);
@@ -652,8 +658,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
return 1;
}
}
- /* If no cert and not debugging always return success */
- if (match_ri && !cert && !debug) {
+ /* If no cert, key transport and not debugging always return success */
+ if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
ERR_clear_error();
return 1;
}
@@ -665,7 +671,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
unsigned char *key, size_t keylen,
- unsigned char *id, size_t idlen)
+ const unsigned char *id, size_t idlen)
{
STACK_OF(CMS_RecipientInfo) *ris;
CMS_RecipientInfo *ri;
@@ -753,7 +759,8 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
{
BIO *cmsbio;
int ret = 0;
- if (!(cmsbio = CMS_dataInit(cms, dcont))) {
+
+ if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
return 0;
}