cms_smime.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821
  1. /* crypto/cms/cms_smime.c */
  2. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  3. * project.
  4. */
  5. /* ====================================================================
  6. * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. *
  12. * 1. Redistributions of source code must retain the above copyright
  13. * notice, this list of conditions and the following disclaimer.
  14. *
  15. * 2. Redistributions in binary form must reproduce the above copyright
  16. * notice, this list of conditions and the following disclaimer in
  17. * the documentation and/or other materials provided with the
  18. * distribution.
  19. *
  20. * 3. All advertising materials mentioning features or use of this
  21. * software must display the following acknowledgment:
  22. * "This product includes software developed by the OpenSSL Project
  23. * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  24. *
  25. * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  26. * endorse or promote products derived from this software without
  27. * prior written permission. For written permission, please contact
  28. * licensing@OpenSSL.org.
  29. *
  30. * 5. Products derived from this software may not be called "OpenSSL"
  31. * nor may "OpenSSL" appear in their names without prior written
  32. * permission of the OpenSSL Project.
  33. *
  34. * 6. Redistributions of any form whatsoever must retain the following
  35. * acknowledgment:
  36. * "This product includes software developed by the OpenSSL Project
  37. * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  38. *
  39. * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  40. * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  41. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  42. * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  43. * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  44. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  45. * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  46. * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  47. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  48. * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  49. * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  50. * OF THE POSSIBILITY OF SUCH DAMAGE.
  51. * ====================================================================
  52. */
  53. #include "cryptlib.h"
  54. #include <openssl/asn1t.h>
  55. #include <openssl/x509.h>
  56. #include <openssl/x509v3.h>
  57. #include <openssl/err.h>
  58. #include <openssl/cms.h>
  59. #include "cms_lcl.h"
  60. static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
  61. {
  62. unsigned char buf[4096];
  63. int r = 0, i;
  64. BIO *tmpout = NULL;
  65. if (out == NULL)
  66. tmpout = BIO_new(BIO_s_null());
  67. else if (flags & CMS_TEXT)
  68. {
  69. tmpout = BIO_new(BIO_s_mem());
  70. BIO_set_mem_eof_return(tmpout, 0);
  71. }
  72. else
  73. tmpout = out;
  74. if(!tmpout)
  75. {
  76. CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
  77. goto err;
  78. }
  79. /* Read all content through chain to process digest, decrypt etc */
  80. for (;;)
  81. {
  82. i=BIO_read(in,buf,sizeof(buf));
  83. if (i <= 0)
  84. {
  85. if (BIO_method_type(in) == BIO_TYPE_CIPHER)
  86. {
  87. if (!BIO_get_cipher_status(in))
  88. goto err;
  89. }
  90. if (i < 0)
  91. goto err;
  92. break;
  93. }
  94. if (tmpout && (BIO_write(tmpout, buf, i) != i))
  95. goto err;
  96. }
  97. if(flags & CMS_TEXT)
  98. {
  99. if(!SMIME_text(tmpout, out))
  100. {
  101. CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
  102. goto err;
  103. }
  104. }
  105. r = 1;
  106. err:
  107. if (tmpout && (tmpout != out))
  108. BIO_free(tmpout);
  109. return r;
  110. }
  111. static int check_content(CMS_ContentInfo *cms)
  112. {
  113. ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
  114. if (!pos || !*pos)
  115. {
  116. CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
  117. return 0;
  118. }
  119. return 1;
  120. }
  121. static void do_free_upto(BIO *f, BIO *upto)
  122. {
  123. if (upto)
  124. {
  125. BIO *tbio;
  126. do
  127. {
  128. tbio = BIO_pop(f);
  129. BIO_free(f);
  130. f = tbio;
  131. }
  132. while (f != upto);
  133. }
  134. else
  135. BIO_free_all(f);
  136. }
  137. int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
  138. {
  139. BIO *cont;
  140. int r;
  141. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
  142. {
  143. CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
  144. return 0;
  145. }
  146. cont = CMS_dataInit(cms, NULL);
  147. if (!cont)
  148. return 0;
  149. r = cms_copy_content(out, cont, flags);
  150. BIO_free_all(cont);
  151. return r;
  152. }
  153. CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
  154. {
  155. CMS_ContentInfo *cms;
  156. cms = cms_Data_create();
  157. if (!cms)
  158. return NULL;
  159. if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
  160. return cms;
  161. CMS_ContentInfo_free(cms);
  162. return NULL;
  163. }
  164. int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
  165. unsigned int flags)
  166. {
  167. BIO *cont;
  168. int r;
  169. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
  170. {
  171. CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
  172. return 0;
  173. }
  174. if (!dcont && !check_content(cms))
  175. return 0;
  176. cont = CMS_dataInit(cms, dcont);
  177. if (!cont)
  178. return 0;
  179. r = cms_copy_content(out, cont, flags);
  180. if (r)
  181. r = cms_DigestedData_do_final(cms, cont, 1);
  182. do_free_upto(cont, dcont);
  183. return r;
  184. }
  185. CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
  186. unsigned int flags)
  187. {
  188. CMS_ContentInfo *cms;
  189. if (!md)
  190. md = EVP_sha1();
  191. cms = cms_DigestedData_create(md);
  192. if (!cms)
  193. return NULL;
  194. if(!(flags & CMS_DETACHED))
  195. CMS_set_detached(cms, 0);
  196. if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
  197. return cms;
  198. CMS_ContentInfo_free(cms);
  199. return NULL;
  200. }
  201. int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
  202. const unsigned char *key, size_t keylen,
  203. BIO *dcont, BIO *out, unsigned int flags)
  204. {
  205. BIO *cont;
  206. int r;
  207. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
  208. {
  209. CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
  210. CMS_R_TYPE_NOT_ENCRYPTED_DATA);
  211. return 0;
  212. }
  213. if (!dcont && !check_content(cms))
  214. return 0;
  215. if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
  216. return 0;
  217. cont = CMS_dataInit(cms, dcont);
  218. if (!cont)
  219. return 0;
  220. r = cms_copy_content(out, cont, flags);
  221. do_free_upto(cont, dcont);
  222. return r;
  223. }
  224. CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
  225. const unsigned char *key, size_t keylen,
  226. unsigned int flags)
  227. {
  228. CMS_ContentInfo *cms;
  229. if (!cipher)
  230. {
  231. CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
  232. return NULL;
  233. }
  234. cms = CMS_ContentInfo_new();
  235. if (!cms)
  236. return NULL;
  237. if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
  238. return NULL;
  239. if(!(flags & CMS_DETACHED))
  240. CMS_set_detached(cms, 0);
  241. if ((flags & (CMS_STREAM|CMS_PARTIAL))
  242. || CMS_final(cms, in, NULL, flags))
  243. return cms;
  244. CMS_ContentInfo_free(cms);
  245. return NULL;
  246. }
  247. static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
  248. X509_STORE *store,
  249. STACK_OF(X509) *certs,
  250. STACK_OF(X509_CRL) *crls,
  251. unsigned int flags)
  252. {
  253. X509_STORE_CTX ctx;
  254. X509 *signer;
  255. int i, j, r = 0;
  256. CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
  257. if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
  258. {
  259. CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
  260. CMS_R_STORE_INIT_ERROR);
  261. goto err;
  262. }
  263. X509_STORE_CTX_set_default(&ctx, "smime_sign");
  264. if (crls)
  265. X509_STORE_CTX_set0_crls(&ctx, crls);
  266. i = X509_verify_cert(&ctx);
  267. if (i <= 0)
  268. {
  269. j = X509_STORE_CTX_get_error(&ctx);
  270. CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
  271. CMS_R_CERTIFICATE_VERIFY_ERROR);
  272. ERR_add_error_data(2, "Verify error:",
  273. X509_verify_cert_error_string(j));
  274. goto err;
  275. }
  276. r = 1;
  277. err:
  278. X509_STORE_CTX_cleanup(&ctx);
  279. return r;
  280. }
  281. int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
  282. X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
  283. {
  284. CMS_SignerInfo *si;
  285. STACK_OF(CMS_SignerInfo) *sinfos;
  286. STACK_OF(X509) *cms_certs = NULL;
  287. STACK_OF(X509_CRL) *crls = NULL;
  288. X509 *signer;
  289. int i, scount = 0, ret = 0;
  290. BIO *cmsbio = NULL, *tmpin = NULL;
  291. if (!dcont && !check_content(cms))
  292. return 0;
  293. /* Attempt to find all signer certificates */
  294. sinfos = CMS_get0_SignerInfos(cms);
  295. if (sk_CMS_SignerInfo_num(sinfos) <= 0)
  296. {
  297. CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
  298. goto err;
  299. }
  300. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
  301. {
  302. si = sk_CMS_SignerInfo_value(sinfos, i);
  303. CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
  304. if (signer)
  305. scount++;
  306. }
  307. if (scount != sk_CMS_SignerInfo_num(sinfos))
  308. scount += CMS_set1_signers_certs(cms, certs, flags);
  309. if (scount != sk_CMS_SignerInfo_num(sinfos))
  310. {
  311. CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
  312. goto err;
  313. }
  314. /* Attempt to verify all signers certs */
  315. if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
  316. {
  317. cms_certs = CMS_get1_certs(cms);
  318. if (!(flags & CMS_NOCRL))
  319. crls = CMS_get1_crls(cms);
  320. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
  321. {
  322. si = sk_CMS_SignerInfo_value(sinfos, i);
  323. if (!cms_signerinfo_verify_cert(si, store,
  324. cms_certs, crls, flags))
  325. goto err;
  326. }
  327. }
  328. /* Attempt to verify all SignerInfo signed attribute signatures */
  329. if (!(flags & CMS_NO_ATTR_VERIFY))
  330. {
  331. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
  332. {
  333. si = sk_CMS_SignerInfo_value(sinfos, i);
  334. if (CMS_signed_get_attr_count(si) < 0)
  335. continue;
  336. if (CMS_SignerInfo_verify(si) <= 0)
  337. goto err;
  338. }
  339. }
  340. /* Performance optimization: if the content is a memory BIO then
  341. * store its contents in a temporary read only memory BIO. This
  342. * avoids potentially large numbers of slow copies of data which will
  343. * occur when reading from a read write memory BIO when signatures
  344. * are calculated.
  345. */
  346. if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
  347. {
  348. char *ptr;
  349. long len;
  350. len = BIO_get_mem_data(dcont, &ptr);
  351. tmpin = BIO_new_mem_buf(ptr, len);
  352. if (tmpin == NULL)
  353. {
  354. CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
  355. return 0;
  356. }
  357. }
  358. else
  359. tmpin = dcont;
  360. cmsbio=CMS_dataInit(cms, tmpin);
  361. if (!cmsbio)
  362. goto err;
  363. if (!cms_copy_content(out, cmsbio, flags))
  364. goto err;
  365. if (!(flags & CMS_NO_CONTENT_VERIFY))
  366. {
  367. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
  368. {
  369. si = sk_CMS_SignerInfo_value(sinfos, i);
  370. if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
  371. {
  372. CMSerr(CMS_F_CMS_VERIFY,
  373. CMS_R_CONTENT_VERIFY_ERROR);
  374. goto err;
  375. }
  376. }
  377. }
  378. ret = 1;
  379. err:
  380. if (dcont && (tmpin == dcont))
  381. do_free_upto(cmsbio, dcont);
  382. else
  383. BIO_free_all(cmsbio);
  384. if (cms_certs)
  385. sk_X509_pop_free(cms_certs, X509_free);
  386. if (crls)
  387. sk_X509_CRL_pop_free(crls, X509_CRL_free);
  388. return ret;
  389. }
  390. int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
  391. STACK_OF(X509) *certs,
  392. X509_STORE *store, unsigned int flags)
  393. {
  394. int r;
  395. flags &= ~(CMS_DETACHED|CMS_TEXT);
  396. r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
  397. if (r <= 0)
  398. return r;
  399. return cms_Receipt_verify(rcms, ocms);
  400. }
  401. CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
  402. BIO *data, unsigned int flags)
  403. {
  404. CMS_ContentInfo *cms;
  405. int i;
  406. cms = CMS_ContentInfo_new();
  407. if (!cms || !CMS_SignedData_init(cms))
  408. goto merr;
  409. if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
  410. {
  411. CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
  412. goto err;
  413. }
  414. for (i = 0; i < sk_X509_num(certs); i++)
  415. {
  416. X509 *x = sk_X509_value(certs, i);
  417. if (!CMS_add1_cert(cms, x))
  418. goto merr;
  419. }
  420. if(!(flags & CMS_DETACHED))
  421. CMS_set_detached(cms, 0);
  422. if ((flags & (CMS_STREAM|CMS_PARTIAL))
  423. || CMS_final(cms, data, NULL, flags))
  424. return cms;
  425. else
  426. goto err;
  427. merr:
  428. CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
  429. err:
  430. if (cms)
  431. CMS_ContentInfo_free(cms);
  432. return NULL;
  433. }
  434. CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
  435. X509 *signcert, EVP_PKEY *pkey,
  436. STACK_OF(X509) *certs,
  437. unsigned int flags)
  438. {
  439. CMS_SignerInfo *rct_si;
  440. CMS_ContentInfo *cms = NULL;
  441. ASN1_OCTET_STRING **pos, *os;
  442. BIO *rct_cont = NULL;
  443. int r = 0;
  444. flags &= ~(CMS_STREAM|CMS_TEXT);
  445. /* Not really detached but avoids content being allocated */
  446. flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
  447. if (!pkey || !signcert)
  448. {
  449. CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
  450. return NULL;
  451. }
  452. /* Initialize signed data */
  453. cms = CMS_sign(NULL, NULL, certs, NULL, flags);
  454. if (!cms)
  455. goto err;
  456. /* Set inner content type to signed receipt */
  457. if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
  458. goto err;
  459. rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
  460. if (!rct_si)
  461. {
  462. CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
  463. goto err;
  464. }
  465. os = cms_encode_Receipt(si);
  466. if (!os)
  467. goto err;
  468. /* Set content to digest */
  469. rct_cont = BIO_new_mem_buf(os->data, os->length);
  470. if (!rct_cont)
  471. goto err;
  472. /* Add msgSigDigest attribute */
  473. if (!cms_msgSigDigest_add1(rct_si, si))
  474. goto err;
  475. /* Finalize structure */
  476. if (!CMS_final(cms, rct_cont, NULL, flags))
  477. goto err;
  478. /* Set embedded content */
  479. pos = CMS_get0_content(cms);
  480. *pos = os;
  481. r = 1;
  482. err:
  483. if (rct_cont)
  484. BIO_free(rct_cont);
  485. if (r)
  486. return cms;
  487. CMS_ContentInfo_free(cms);
  488. return NULL;
  489. }
  490. CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
  491. const EVP_CIPHER *cipher, unsigned int flags)
  492. {
  493. CMS_ContentInfo *cms;
  494. int i;
  495. X509 *recip;
  496. cms = CMS_EnvelopedData_create(cipher);
  497. if (!cms)
  498. goto merr;
  499. for (i = 0; i < sk_X509_num(certs); i++)
  500. {
  501. recip = sk_X509_value(certs, i);
  502. if (!CMS_add1_recipient_cert(cms, recip, flags))
  503. {
  504. CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
  505. goto err;
  506. }
  507. }
  508. if(!(flags & CMS_DETACHED))
  509. CMS_set_detached(cms, 0);
  510. if ((flags & (CMS_STREAM|CMS_PARTIAL))
  511. || CMS_final(cms, data, NULL, flags))
  512. return cms;
  513. else
  514. goto err;
  515. merr:
  516. CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
  517. err:
  518. if (cms)
  519. CMS_ContentInfo_free(cms);
  520. return NULL;
  521. }
  522. int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
  523. {
  524. STACK_OF(CMS_RecipientInfo) *ris;
  525. CMS_RecipientInfo *ri;
  526. int i, r;
  527. ris = CMS_get0_RecipientInfos(cms);
  528. for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
  529. {
  530. ri = sk_CMS_RecipientInfo_value(ris, i);
  531. if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
  532. continue;
  533. /* If we have a cert try matching RecipientInfo
  534. * otherwise try them all.
  535. */
  536. if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
  537. {
  538. CMS_RecipientInfo_set0_pkey(ri, pk);
  539. r = CMS_RecipientInfo_decrypt(cms, ri);
  540. CMS_RecipientInfo_set0_pkey(ri, NULL);
  541. if (r > 0)
  542. return 1;
  543. if (cert)
  544. {
  545. CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
  546. CMS_R_DECRYPT_ERROR);
  547. return 0;
  548. }
  549. ERR_clear_error();
  550. }
  551. }
  552. CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
  553. return 0;
  554. }
  555. int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
  556. unsigned char *key, size_t keylen,
  557. unsigned char *id, size_t idlen)
  558. {
  559. STACK_OF(CMS_RecipientInfo) *ris;
  560. CMS_RecipientInfo *ri;
  561. int i, r;
  562. ris = CMS_get0_RecipientInfos(cms);
  563. for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
  564. {
  565. ri = sk_CMS_RecipientInfo_value(ris, i);
  566. if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
  567. continue;
  568. /* If we have an id try matching RecipientInfo
  569. * otherwise try them all.
  570. */
  571. if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
  572. {
  573. CMS_RecipientInfo_set0_key(ri, key, keylen);
  574. r = CMS_RecipientInfo_decrypt(cms, ri);
  575. CMS_RecipientInfo_set0_key(ri, NULL, 0);
  576. if (r > 0)
  577. return 1;
  578. if (id)
  579. {
  580. CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
  581. CMS_R_DECRYPT_ERROR);
  582. return 0;
  583. }
  584. ERR_clear_error();
  585. }
  586. }
  587. CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
  588. return 0;
  589. }
  590. int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
  591. unsigned char *pass, ossl_ssize_t passlen)
  592. {
  593. STACK_OF(CMS_RecipientInfo) *ris;
  594. CMS_RecipientInfo *ri;
  595. int i, r;
  596. ris = CMS_get0_RecipientInfos(cms);
  597. for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
  598. {
  599. ri = sk_CMS_RecipientInfo_value(ris, i);
  600. if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
  601. continue;
  602. CMS_RecipientInfo_set0_password(ri, pass, passlen);
  603. r = CMS_RecipientInfo_decrypt(cms, ri);
  604. CMS_RecipientInfo_set0_password(ri, NULL, 0);
  605. if (r > 0)
  606. return 1;
  607. }
  608. CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
  609. return 0;
  610. }
  611. int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
  612. BIO *dcont, BIO *out,
  613. unsigned int flags)
  614. {
  615. int r;
  616. BIO *cont;
  617. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
  618. {
  619. CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
  620. return 0;
  621. }
  622. if (!dcont && !check_content(cms))
  623. return 0;
  624. if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
  625. return 0;
  626. cont = CMS_dataInit(cms, dcont);
  627. if (!cont)
  628. return 0;
  629. r = cms_copy_content(out, cont, flags);
  630. do_free_upto(cont, dcont);
  631. return r;
  632. }
  633. int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
  634. {
  635. BIO *cmsbio;
  636. int ret = 0;
  637. if (!(cmsbio = CMS_dataInit(cms, dcont)))
  638. {
  639. CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
  640. return 0;
  641. }
  642. SMIME_crlf_copy(data, cmsbio, flags);
  643. (void)BIO_flush(cmsbio);
  644. if (!CMS_dataFinal(cms, cmsbio))
  645. {
  646. CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
  647. goto err;
  648. }
  649. ret = 1;
  650. err:
  651. do_free_upto(cmsbio, dcont);
  652. return ret;
  653. }
  654. #ifdef ZLIB
  655. int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
  656. unsigned int flags)
  657. {
  658. BIO *cont;
  659. int r;
  660. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
  661. {
  662. CMSerr(CMS_F_CMS_UNCOMPRESS,
  663. CMS_R_TYPE_NOT_COMPRESSED_DATA);
  664. return 0;
  665. }
  666. if (!dcont && !check_content(cms))
  667. return 0;
  668. cont = CMS_dataInit(cms, dcont);
  669. if (!cont)
  670. return 0;
  671. r = cms_copy_content(out, cont, flags);
  672. do_free_upto(cont, dcont);
  673. return r;
  674. }
  675. CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
  676. {
  677. CMS_ContentInfo *cms;
  678. if (comp_nid <= 0)
  679. comp_nid = NID_zlib_compression;
  680. cms = cms_CompressedData_create(comp_nid);
  681. if (!cms)
  682. return NULL;
  683. if(!(flags & CMS_DETACHED))
  684. CMS_set_detached(cms, 0);
  685. if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
  686. return cms;
  687. CMS_ContentInfo_free(cms);
  688. return NULL;
  689. }
  690. #else
  691. int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
  692. unsigned int flags)
  693. {
  694. CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
  695. return 0;
  696. }
  697. CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
  698. {
  699. CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
  700. return NULL;
  701. }
  702. #endif