Etusivu Tutki Apua
Kirjaudu sisään
OWEALs
/
openssl
peilaus alkaen git://git.openssl.org/openssl.git
2
0
Fork 0
Tiedostot Ongelmat 1 Wiki
Puu: 1518c55a79
Haarat Tagit
openssl
/
crypto
/
cms
/
cms_sd.c

cms_sd.c 26 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926 
  1. /*
    2. 

  2.  * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the OpenSSL license (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. #include "internal/cryptlib.h"
    11. 

  11. #include <openssl/asn1t.h>
    12. 

  12. #include <openssl/pem.h>
    13. 

  13. #include <openssl/x509.h>
    14. 

  14. #include <openssl/x509v3.h>
    15. 

  15. #include <openssl/err.h>
    16. 

  16. #include <openssl/cms.h>
    17. 

  17. #include "cms_lcl.h"
    18. 

  18. #include "internal/asn1_int.h"
    19. 

  19. #include "internal/evp_int.h"
    20. 

  20. 

  21. /* CMS SignedData Utilities */
    22. 

  22. 

  23. static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
    24. 

  24. {
    25. 

  25.     if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
    26. 

  26.         CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
    27. 

  27.         return NULL;
    28. 

  28.     }
    29. 

  29.     return cms->d.signedData;
    30. 

  30. }
    31. 

  31. 

  32. static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
    33. 

  33. {
    34. 

  34.     if (cms->d.other == NULL) {
    35. 

  35.         cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
    36. 

  36.         if (!cms->d.signedData) {
    37. 

  37.             CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
    38. 

  38.             return NULL;
    39. 

  39.         }
    40. 

  40.         cms->d.signedData->version = 1;
    41. 

  41.         cms->d.signedData->encapContentInfo->eContentType =
    42. 

  42.             OBJ_nid2obj(NID_pkcs7_data);
    43. 

  43.         cms->d.signedData->encapContentInfo->partial = 1;
    44. 

  44.         ASN1_OBJECT_free(cms->contentType);
    45. 

  45.         cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
    46. 

  46.         return cms->d.signedData;
    47. 

  47.     }
    48. 

  48.     return cms_get0_signed(cms);
    49. 

  49. }
    50. 

  50. 

  51. /* Just initialise SignedData e.g. for certs only structure */
    52. 

  52. 

  53. int CMS_SignedData_init(CMS_ContentInfo *cms)
    54. 

  54. {
    55. 

  55.     if (cms_signed_data_init(cms))
    56. 

  56.         return 1;
    57. 

  57.     else
    58. 

  58.         return 0;
    59. 

  59. }
    60. 

  60. 

  61. /* Check structures and fixup version numbers (if necessary) */
    62. 

  62. 

  63. static void cms_sd_set_version(CMS_SignedData *sd)
    64. 

  64. {
    65. 

  65.     int i;
    66. 

  66.     CMS_CertificateChoices *cch;
    67. 

  67.     CMS_RevocationInfoChoice *rch;
    68. 

  68.     CMS_SignerInfo *si;
    69. 

  69. 

  70.     for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
    71. 

  71.         cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
    72. 

  72.         if (cch->type == CMS_CERTCHOICE_OTHER) {
    73. 

  73.             if (sd->version < 5)
    74. 

  74.                 sd->version = 5;
    75. 

  75.         } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
    76. 

  76.             if (sd->version < 4)
    77. 

  77.                 sd->version = 4;
    78. 

  78.         } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
    79. 

  79.             if (sd->version < 3)
    80. 

  80.                 sd->version = 3;
    81. 

  81.         }
    82. 

  82.     }
    83. 

  83. 

  84.     for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
    85. 

  85.         rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
    86. 

  86.         if (rch->type == CMS_REVCHOICE_OTHER) {
    87. 

  87.             if (sd->version < 5)
    88. 

  88.                 sd->version = 5;
    89. 

  89.         }
    90. 

  90.     }
    91. 

  91. 

  92.     if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
    93. 

  93.         && (sd->version < 3))
    94. 

  94.         sd->version = 3;
    95. 

  95. 

  96.     for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
    97. 

  97.         si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
    98. 

  98.         if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
    99. 

  99.             if (si->version < 3)
    100. 

  100.                 si->version = 3;
    101. 

  101.             if (sd->version < 3)
    102. 

  102.                 sd->version = 3;
    103. 

  103.         } else if (si->version < 1)
    104. 

  104.             si->version = 1;
    105. 

  105.     }
    106. 

  106. 

  107.     if (sd->version < 1)
    108. 

  108.         sd->version = 1;
    109. 

  109. 

  110. }
    111. 

  111. 

  112. /* Copy an existing messageDigest value */
    113. 

  113. 

  114. static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
    115. 

  115. {
    116. 

  116.     STACK_OF(CMS_SignerInfo) *sinfos;
    117. 

  117.     CMS_SignerInfo *sitmp;
    118. 

  118.     int i;
    119. 

  119.     sinfos = CMS_get0_SignerInfos(cms);
    120. 

  120.     for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
    121. 

  121.         ASN1_OCTET_STRING *messageDigest;
    122. 

  122.         sitmp = sk_CMS_SignerInfo_value(sinfos, i);
    123. 

  123.         if (sitmp == si)
    124. 

  124.             continue;
    125. 

  125.         if (CMS_signed_get_attr_count(sitmp) < 0)
    126. 

  126.             continue;
    127. 

  127.         if (OBJ_cmp(si->digestAlgorithm->algorithm,
    128. 

  128.                     sitmp->digestAlgorithm->algorithm))
    129. 

  129.             continue;
    130. 

  130.         messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
    131. 

  131.                                                     OBJ_nid2obj
    132. 

  132.                                                     (NID_pkcs9_messageDigest),
    133. 

  133.                                                     -3, V_ASN1_OCTET_STRING);
    134. 

  134.         if (!messageDigest) {
    135. 

  135.             CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
    136. 

  136.                    CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
    137. 

  137.             return 0;
    138. 

  138.         }
    139. 

  139. 

  140.         if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
    141. 

  141.                                         V_ASN1_OCTET_STRING,
    142. 

  142.                                         messageDigest, -1))
    143. 

  143.             return 1;
    144. 

  144.         else
    145. 

  145.             return 0;
    146. 

  146.     }
    147. 

  147.     CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
    148. 

  148.     return 0;
    149. 

  149. }
    150. 

  150. 

  151. int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
    152. 

  152. {
    153. 

  153.     switch (type) {
    154. 

  154.     case CMS_SIGNERINFO_ISSUER_SERIAL:
    155. 

  155.         if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
    156. 

  156.             return 0;
    157. 

  157.         break;
    158. 

  158. 

  159.     case CMS_SIGNERINFO_KEYIDENTIFIER:
    160. 

  160.         if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
    161. 

  161.             return 0;
    162. 

  162.         break;
    163. 

  163. 

  164.     default:
    165. 

  165.         CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
    166. 

  166.         return 0;
    167. 

  167.     }
    168. 

  168. 

  169.     sid->type = type;
    170. 

  170. 

  171.     return 1;
    172. 

  172. }
    173. 

  173. 

  174. int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
    175. 

  175.                                         ASN1_OCTET_STRING **keyid,
    176. 

  176.                                         X509_NAME **issuer,
    177. 

  177.                                         ASN1_INTEGER **sno)
    178. 

  178. {
    179. 

  179.     if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
    180. 

  180.         if (issuer)
    181. 

  181.             *issuer = sid->d.issuerAndSerialNumber->issuer;
    182. 

  182.         if (sno)
    183. 

  183.             *sno = sid->d.issuerAndSerialNumber->serialNumber;
    184. 

  184.     } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
    185. 

  185.         if (keyid)
    186. 

  186.             *keyid = sid->d.subjectKeyIdentifier;
    187. 

  187.     } else
    188. 

  188.         return 0;
    189. 

  189.     return 1;
    190. 

  190. }
    191. 

  191. 

  192. int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
    193. 

  193. {
    194. 

  194.     if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
    195. 

  195.         return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
    196. 

  196.     else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
    197. 

  197.         return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
    198. 

  198.     else
    199. 

  199.         return -1;
    200. 

  200. }
    201. 

  201. 

  202. static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
    203. 

  203. {
    204. 

  204.     EVP_PKEY *pkey = si->pkey;
    205. 

  205.     int i;
    206. 

  206.     if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
    207. 

  207.         return 1;
    208. 

  208.     i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
    209. 

  209.     if (i == -2) {
    210. 

  210.         CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
    211. 

  211.         return 0;
    212. 

  212.     }
    213. 

  213.     if (i <= 0) {
    214. 

  214.         CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE);
    215. 

  215.         return 0;
    216. 

  216.     }
    217. 

  217.     return 1;
    218. 

  218. }
    219. 

  219. 

  220. CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
    221. 

  221.                                 X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
    222. 

  222.                                 unsigned int flags)
    223. 

  223. {
    224. 

  224.     CMS_SignedData *sd;
    225. 

  225.     CMS_SignerInfo *si = NULL;
    226. 

  226.     X509_ALGOR *alg;
    227. 

  227.     int i, type;
    228. 

  228.     if (!X509_check_private_key(signer, pk)) {
    229. 

  229.         CMSerr(CMS_F_CMS_ADD1_SIGNER,
    230. 

  230.                CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
    231. 

  231.         return NULL;
    232. 

  232.     }
    233. 

  233.     sd = cms_signed_data_init(cms);
    234. 

  234.     if (!sd)
    235. 

  235.         goto err;
    236. 

  236.     si = M_ASN1_new_of(CMS_SignerInfo);
    237. 

  237.     if (!si)
    238. 

  238.         goto merr;
    239. 

  239.     /* Call for side-effect of computing hash and caching extensions */
    240. 

  240.     X509_check_purpose(signer, -1, -1);
    241. 

  241. 

  242.     X509_up_ref(signer);
    243. 

  243.     EVP_PKEY_up_ref(pk);
    244. 

  244. 

  245.     si->pkey = pk;
    246. 

  246.     si->signer = signer;
    247. 

  247.     si->mctx = EVP_MD_CTX_new();
    248. 

  248.     si->pctx = NULL;
    249. 

  249. 

  250.     if (si->mctx == NULL) {
    251. 

  251.         CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
    252. 

  252.         goto err;
    253. 

  253.     }
    254. 

  254. 

  255.     if (flags & CMS_USE_KEYID) {
    256. 

  256.         si->version = 3;
    257. 

  257.         if (sd->version < 3)
    258. 

  258.             sd->version = 3;
    259. 

  259.         type = CMS_SIGNERINFO_KEYIDENTIFIER;
    260. 

  260.     } else {
    261. 

  261.         type = CMS_SIGNERINFO_ISSUER_SERIAL;
    262. 

  262.         si->version = 1;
    263. 

  263.     }
    264. 

  264. 

  265.     if (!cms_set1_SignerIdentifier(si->sid, signer, type))
    266. 

  266.         goto err;
    267. 

  267. 

  268.     if (md == NULL) {
    269. 

  269.         int def_nid;
    270. 

  270.         if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
    271. 

  271.             goto err;
    272. 

  272.         md = EVP_get_digestbynid(def_nid);
    273. 

  273.         if (md == NULL) {
    274. 

  274.             CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
    275. 

  275.             goto err;
    276. 

  276.         }
    277. 

  277.     }
    278. 

  278. 

  279.     if (!md) {
    280. 

  280.         CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
    281. 

  281.         goto err;
    282. 

  282.     }
    283. 

  283. 

  284.     X509_ALGOR_set_md(si->digestAlgorithm, md);
    285. 

  285. 

  286.     /* See if digest is present in digestAlgorithms */
    287. 

  287.     for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
    288. 

  288.         const ASN1_OBJECT *aoid;
    289. 

  289.         alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
    290. 

  290.         X509_ALGOR_get0(&aoid, NULL, NULL, alg);
    291. 

  291.         if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
    292. 

  292.             break;
    293. 

  293.     }
    294. 

  294. 

  295.     if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
    296. 

  296.         alg = X509_ALGOR_new();
    297. 

  297.         if (alg == NULL)
    298. 

  298.             goto merr;
    299. 

  299.         X509_ALGOR_set_md(alg, md);
    300. 

  300.         if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
    301. 

  301.             X509_ALGOR_free(alg);
    302. 

  302.             goto merr;
    303. 

  303.         }
    304. 

  304.     }
    305. 

  305. 

  306.     if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
    307. 

  307.         goto err;
    308. 

  308.     if (!(flags & CMS_NOATTR)) {
    309. 

  309.         /*
    310. 

  310.          * Initialize signed attributes structure so other attributes
    311. 

  311.          * such as signing time etc are added later even if we add none here.
    312. 

  312.          */
    313. 

  313.         if (!si->signedAttrs) {
    314. 

  314.             si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
    315. 

  315.             if (!si->signedAttrs)
    316. 

  316.                 goto merr;
    317. 

  317.         }
    318. 

  318. 

  319.         if (!(flags & CMS_NOSMIMECAP)) {
    320. 

  320.             STACK_OF(X509_ALGOR) *smcap = NULL;
    321. 

  321.             i = CMS_add_standard_smimecap(&smcap);
    322. 

  322.             if (i)
    323. 

  323.                 i = CMS_add_smimecap(si, smcap);
    324. 

  324.             sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
    325. 

  325.             if (!i)
    326. 

  326.                 goto merr;
    327. 

  327.         }
    328. 

  328.         if (flags & CMS_REUSE_DIGEST) {
    329. 

  329.             if (!cms_copy_messageDigest(cms, si))
    330. 

  330.                 goto err;
    331. 

  331.             if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
    332. 

  332.                 !CMS_SignerInfo_sign(si))
    333. 

  333.                 goto err;
    334. 

  334.         }
    335. 

  335.     }
    336. 

  336. 

  337.     if (!(flags & CMS_NOCERTS)) {
    338. 

  338.         /* NB ignore -1 return for duplicate cert */
    339. 

  339.         if (!CMS_add1_cert(cms, signer))
    340. 

  340.             goto merr;
    341. 

  341.     }
    342. 

  342. 

  343.     if (flags & CMS_KEY_PARAM) {
    344. 

  344.         if (flags & CMS_NOATTR) {
    345. 

  345.             si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
    346. 

  346.             if (si->pctx == NULL)
    347. 

  347.                 goto err;
    348. 

  348.             if (EVP_PKEY_sign_init(si->pctx) <= 0)
    349. 

  349.                 goto err;
    350. 

  350.             if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
    351. 

  351.                 goto err;
    352. 

  352.         } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
    353. 

  353.                    0)
    354. 

  354.             goto err;
    355. 

  355.     }
    356. 

  356. 

  357.     if (!sd->signerInfos)
    358. 

  358.         sd->signerInfos = sk_CMS_SignerInfo_new_null();
    359. 

  359.     if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
    360. 

  360.         goto merr;
    361. 

  361. 

  362.     return si;
    363. 

  363. 

  364.  merr:
    365. 

  365.     CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
    366. 

  366.  err:
    367. 

  367.     M_ASN1_free_of(si, CMS_SignerInfo);
    368. 

  368.     return NULL;
    369. 

  369. 

  370. }
    371. 

  371. 

  372. static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
    373. 

  373. {
    374. 

  374.     ASN1_TIME *tt;
    375. 

  375.     int r = 0;
    376. 

  376.     if (t)
    377. 

  377.         tt = t;
    378. 

  378.     else
    379. 

  379.         tt = X509_gmtime_adj(NULL, 0);
    380. 

  380. 

  381.     if (!tt)
    382. 

  382.         goto merr;
    383. 

  383. 

  384.     if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
    385. 

  385.                                     tt->type, tt, -1) <= 0)
    386. 

  386.         goto merr;
    387. 

  387. 

  388.     r = 1;
    389. 

  389. 

  390.  merr:
    391. 

  391. 

  392.     if (!t)
    393. 

  393.         ASN1_TIME_free(tt);
    394. 

  394. 

  395.     if (!r)
    396. 

  396.         CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
    397. 

  397. 

  398.     return r;
    399. 

  399. 

  400. }
    401. 

  401. 

  402. EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
    403. 

  403. {
    404. 

  404.     return si->pctx;
    405. 

  405. }
    406. 

  406. 

  407. EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
    408. 

  408. {
    409. 

  409.     return si->mctx;
    410. 

  410. }
    411. 

  411. 

  412. STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
    413. 

  413. {
    414. 

  414.     CMS_SignedData *sd;
    415. 

  415.     sd = cms_get0_signed(cms);
    416. 

  416.     if (!sd)
    417. 

  417.         return NULL;
    418. 

  418.     return sd->signerInfos;
    419. 

  419. }
    420. 

  420. 

  421. STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
    422. 

  422. {
    423. 

  423.     STACK_OF(X509) *signers = NULL;
    424. 

  424.     STACK_OF(CMS_SignerInfo) *sinfos;
    425. 

  425.     CMS_SignerInfo *si;
    426. 

  426.     int i;
    427. 

  427.     sinfos = CMS_get0_SignerInfos(cms);
    428. 

  428.     for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
    429. 

  429.         si = sk_CMS_SignerInfo_value(sinfos, i);
    430. 

  430.         if (si->signer) {
    431. 

  431.             if (!signers) {
    432. 

  432.                 signers = sk_X509_new_null();
    433. 

  433.                 if (!signers)
    434. 

  434.                     return NULL;
    435. 

  435.             }
    436. 

  436.             if (!sk_X509_push(signers, si->signer)) {
    437. 

  437.                 sk_X509_free(signers);
    438. 

  438.                 return NULL;
    439. 

  439.             }
    440. 

  440.         }
    441. 

  441.     }
    442. 

  442.     return signers;
    443. 

  443. }
    444. 

  444. 

  445. void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
    446. 

  446. {
    447. 

  447.     if (signer) {
    448. 

  448.         X509_up_ref(signer);
    449. 

  449.         EVP_PKEY_free(si->pkey);
    450. 

  450.         si->pkey = X509_get_pubkey(signer);
    451. 

  451.     }
    452. 

  452.     X509_free(si->signer);
    453. 

  453.     si->signer = signer;
    454. 

  454. }
    455. 

  455. 

  456. int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
    457. 

  457.                                   ASN1_OCTET_STRING **keyid,
    458. 

  458.                                   X509_NAME **issuer, ASN1_INTEGER **sno)
    459. 

  459. {
    460. 

  460.     return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
    461. 

  461. }
    462. 

  462. 

  463. int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
    464. 

  464. {
    465. 

  465.     return cms_SignerIdentifier_cert_cmp(si->sid, cert);
    466. 

  466. }
    467. 

  467. 

  468. int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
    469. 

  469.                            unsigned int flags)
    470. 

  470. {
    471. 

  471.     CMS_SignedData *sd;
    472. 

  472.     CMS_SignerInfo *si;
    473. 

  473.     CMS_CertificateChoices *cch;
    474. 

  474.     STACK_OF(CMS_CertificateChoices) *certs;
    475. 

  475.     X509 *x;
    476. 

  476.     int i, j;
    477. 

  477.     int ret = 0;
    478. 

  478.     sd = cms_get0_signed(cms);
    479. 

  479.     if (!sd)
    480. 

  480.         return -1;
    481. 

  481.     certs = sd->certificates;
    482. 

  482.     for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
    483. 

  483.         si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
    484. 

  484.         if (si->signer)
    485. 

  485.             continue;
    486. 

  486. 

  487.         for (j = 0; j < sk_X509_num(scerts); j++) {
    488. 

  488.             x = sk_X509_value(scerts, j);
    489. 

  489.             if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
    490. 

  490.                 CMS_SignerInfo_set1_signer_cert(si, x);
    491. 

  491.                 ret++;
    492. 

  492.                 break;
    493. 

  493.             }
    494. 

  494.         }
    495. 

  495. 

  496.         if (si->signer || (flags & CMS_NOINTERN))
    497. 

  497.             continue;
    498. 

  498. 

  499.         for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
    500. 

  500.             cch = sk_CMS_CertificateChoices_value(certs, j);
    501. 

  501.             if (cch->type != 0)
    502. 

  502.                 continue;
    503. 

  503.             x = cch->d.certificate;
    504. 

  504.             if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
    505. 

  505.                 CMS_SignerInfo_set1_signer_cert(si, x);
    506. 

  506.                 ret++;
    507. 

  507.                 break;
    508. 

  508.             }
    509. 

  509.         }
    510. 

  510.     }
    511. 

  511.     return ret;
    512. 

  512. }
    513. 

  513. 

  514. void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
    515. 

  515.                               X509 **signer, X509_ALGOR **pdig,
    516. 

  516.                               X509_ALGOR **psig)
    517. 

  517. {
    518. 

  518.     if (pk)
    519. 

  519.         *pk = si->pkey;
    520. 

  520.     if (signer)
    521. 

  521.         *signer = si->signer;
    522. 

  522.     if (pdig)
    523. 

  523.         *pdig = si->digestAlgorithm;
    524. 

  524.     if (psig)
    525. 

  525.         *psig = si->signatureAlgorithm;
    526. 

  526. }
    527. 

  527. 

  528. ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
    529. 

  529. {
    530. 

  530.     return si->signature;
    531. 

  531. }
    532. 

  532. 

  533. static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
    534. 

  534.                                        CMS_SignerInfo *si, BIO *chain)
    535. 

  535. {
    536. 

  536.     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
    537. 

  537.     int r = 0;
    538. 

  538.     EVP_PKEY_CTX *pctx = NULL;
    539. 

  539. 

  540.     if (mctx == NULL) {
    541. 

  541.         CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
    542. 

  542.         return 0;
    543. 

  543.     }
    544. 

  544. 

  545.     if (!si->pkey) {
    546. 

  546.         CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
    547. 

  547.         goto err;
    548. 

  548.     }
    549. 

  549. 

  550.     if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
    551. 

  551.         goto err;
    552. 

  552.     /* Set SignerInfo algorithm details if we used custom parameter */
    553. 

  553.     if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
    554. 

  554.         goto err;
    555. 

  555. 

  556.     /*
    557. 

  557.      * If any signed attributes calculate and add messageDigest attribute
    558. 

  558.      */
    559. 

  559. 

  560.     if (CMS_signed_get_attr_count(si) >= 0) {
    561. 

  561.         ASN1_OBJECT *ctype =
    562. 

  562.             cms->d.signedData->encapContentInfo->eContentType;
    563. 

  563.         unsigned char md[EVP_MAX_MD_SIZE];
    564. 

  564.         unsigned int mdlen;
    565. 

  565.         if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
    566. 

  566.             goto err;
    567. 

  567.         if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
    568. 

  568.                                          V_ASN1_OCTET_STRING, md, mdlen))
    569. 

  569.             goto err;
    570. 

  570.         /* Copy content type across */
    571. 

  571.         if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
    572. 

  572.                                         V_ASN1_OBJECT, ctype, -1) <= 0)
    573. 

  573.             goto err;
    574. 

  574.         if (!CMS_SignerInfo_sign(si))
    575. 

  575.             goto err;
    576. 

  576.     } else if (si->pctx) {
    577. 

  577.         unsigned char *sig;
    578. 

  578.         size_t siglen;
    579. 

  579.         unsigned char md[EVP_MAX_MD_SIZE];
    580. 

  580.         unsigned int mdlen;
    581. 

  581.         pctx = si->pctx;
    582. 

  582.         if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
    583. 

  583.             goto err;
    584. 

  584.         siglen = EVP_PKEY_size(si->pkey);
    585. 

  585.         sig = OPENSSL_malloc(siglen);
    586. 

  586.         if (sig == NULL) {
    587. 

  587.             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
    588. 

  588.             goto err;
    589. 

  589.         }
    590. 

  590.         if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
    591. 

  591.             OPENSSL_free(sig);
    592. 

  592.             goto err;
    593. 

  593.         }
    594. 

  594.         ASN1_STRING_set0(si->signature, sig, siglen);
    595. 

  595.     } else {
    596. 

  596.         unsigned char *sig;
    597. 

  597.         unsigned int siglen;
    598. 

  598.         sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
    599. 

  599.         if (sig == NULL) {
    600. 

  600.             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
    601. 

  601.             goto err;
    602. 

  602.         }
    603. 

  603.         if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
    604. 

  604.             CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
    605. 

  605.             OPENSSL_free(sig);
    606. 

  606.             goto err;
    607. 

  607.         }
    608. 

  608.         ASN1_STRING_set0(si->signature, sig, siglen);
    609. 

  609.     }
    610. 

  610. 

  611.     r = 1;
    612. 

  612. 

  613.  err:
    614. 

  614.     EVP_MD_CTX_free(mctx);
    615. 

  615.     EVP_PKEY_CTX_free(pctx);
    616. 

  616.     return r;
    617. 

  617. 

  618. }
    619. 

  619. 

  620. int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
    621. 

  621. {
    622. 

  622.     STACK_OF(CMS_SignerInfo) *sinfos;
    623. 

  623.     CMS_SignerInfo *si;
    624. 

  624.     int i;
    625. 

  625.     sinfos = CMS_get0_SignerInfos(cms);
    626. 

  626.     for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
    627. 

  627.         si = sk_CMS_SignerInfo_value(sinfos, i);
    628. 

  628.         if (!cms_SignerInfo_content_sign(cms, si, chain))
    629. 

  629.             return 0;
    630. 

  630.     }
    631. 

  631.     cms->d.signedData->encapContentInfo->partial = 0;
    632. 

  632.     return 1;
    633. 

  633. }
    634. 

  634. 

  635. int CMS_SignerInfo_sign(CMS_SignerInfo *si)
    636. 

  636. {
    637. 

  637.     EVP_MD_CTX *mctx = si->mctx;
    638. 

  638.     EVP_PKEY_CTX *pctx = NULL;
    639. 

  639.     unsigned char *abuf = NULL;
    640. 

  640.     int alen;
    641. 

  641.     size_t siglen;
    642. 

  642.     const EVP_MD *md = NULL;
    643. 

  643. 

  644.     md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
    645. 

  645.     if (md == NULL)
    646. 

  646.         return 0;
    647. 

  647. 

  648.     if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
    649. 

  649.         if (!cms_add1_signingTime(si, NULL))
    650. 

  650.             goto err;
    651. 

  651.     }
    652. 

  652. 

  653.     if (si->pctx)
    654. 

  654.         pctx = si->pctx;
    655. 

  655.     else {
    656. 

  656.         EVP_MD_CTX_reset(mctx);
    657. 

  657.         if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
    658. 

  658.             goto err;
    659. 

  659.         si->pctx = pctx;
    660. 

  660.     }
    661. 

  661. 

  662.     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
    663. 

  663.                           EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
    664. 

  664.         CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
    665. 

  665.         goto err;
    666. 

  666.     }
    667. 

  667. 

  668.     alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
    669. 

  669.                          ASN1_ITEM_rptr(CMS_Attributes_Sign));
    670. 

  670.     if (!abuf)
    671. 

  671.         goto err;
    672. 

  672.     if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
    673. 

  673.         goto err;
    674. 

  674.     if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
    675. 

  675.         goto err;
    676. 

  676.     OPENSSL_free(abuf);
    677. 

  677.     abuf = OPENSSL_malloc(siglen);
    678. 

  678.     if (abuf == NULL)
    679. 

  679.         goto err;
    680. 

  680.     if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
    681. 

  681.         goto err;
    682. 

  682. 

  683.     if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
    684. 

  684.                           EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
    685. 

  685.         CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
    686. 

  686.         goto err;
    687. 

  687.     }
    688. 

  688. 

  689.     EVP_MD_CTX_reset(mctx);
    690. 

  690. 

  691.     ASN1_STRING_set0(si->signature, abuf, siglen);
    692. 

  692. 

  693.     return 1;
    694. 

  694. 

  695.  err:
    696. 

  696.     OPENSSL_free(abuf);
    697. 

  697.     EVP_MD_CTX_reset(mctx);
    698. 

  698.     return 0;
    699. 

  699. 

  700. }
    701. 

  701. 

  702. int CMS_SignerInfo_verify(CMS_SignerInfo *si)
    703. 

  703. {
    704. 

  704.     EVP_MD_CTX *mctx = NULL;
    705. 

  705.     unsigned char *abuf = NULL;
    706. 

  706.     int alen, r = -1;
    707. 

  707.     const EVP_MD *md = NULL;
    708. 

  708. 

  709.     if (!si->pkey) {
    710. 

  710.         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
    711. 

  711.         return -1;
    712. 

  712.     }
    713. 

  713. 

  714.     md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
    715. 

  715.     if (md == NULL)
    716. 

  716.         return -1;
    717. 

  717.     if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
    718. 

  718.         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
    719. 

  719.         return -1;
    720. 

  720.     }
    721. 

  721.     mctx = si->mctx;
    722. 

  722.     if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
    723. 

  723.         goto err;
    724. 

  724. 

  725.     if (!cms_sd_asn1_ctrl(si, 1))
    726. 

  726.         goto err;
    727. 

  727. 

  728.     alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
    729. 

  729.                          ASN1_ITEM_rptr(CMS_Attributes_Verify));
    730. 

  730.     if (!abuf)
    731. 

  731.         goto err;
    732. 

  732.     r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
    733. 

  733.     OPENSSL_free(abuf);
    734. 

  734.     if (r <= 0) {
    735. 

  735.         r = -1;
    736. 

  736.         goto err;
    737. 

  737.     }
    738. 

  738.     r = EVP_DigestVerifyFinal(mctx,
    739. 

  739.                               si->signature->data, si->signature->length);
    740. 

  740.     if (r <= 0)
    741. 

  741.         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
    742. 

  742.  err:
    743. 

  743.     EVP_MD_CTX_reset(mctx);
    744. 

  744.     return r;
    745. 

  745. }
    746. 

  746. 

  747. /* Create a chain of digest BIOs from a CMS ContentInfo */
    748. 

  748. 

  749. BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
    750. 

  750. {
    751. 

  751.     int i;
    752. 

  752.     CMS_SignedData *sd;
    753. 

  753.     BIO *chain = NULL;
    754. 

  754.     sd = cms_get0_signed(cms);
    755. 

  755.     if (!sd)
    756. 

  756.         return NULL;
    757. 

  757.     if (cms->d.signedData->encapContentInfo->partial)
    758. 

  758.         cms_sd_set_version(sd);
    759. 

  759.     for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
    760. 

  760.         X509_ALGOR *digestAlgorithm;
    761. 

  761.         BIO *mdbio;
    762. 

  762.         digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
    763. 

  763.         mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
    764. 

  764.         if (!mdbio)
    765. 

  765.             goto err;
    766. 

  766.         if (chain)
    767. 

  767.             BIO_push(chain, mdbio);
    768. 

  768.         else
    769. 

  769.             chain = mdbio;
    770. 

  770.     }
    771. 

  771.     return chain;
    772. 

  772.  err:
    773. 

  773.     BIO_free_all(chain);
    774. 

  774.     return NULL;
    775. 

  775. }
    776. 

  776. 

  777. int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
    778. 

  778. {
    779. 

  779.     ASN1_OCTET_STRING *os = NULL;
    780. 

  780.     EVP_MD_CTX *mctx = EVP_MD_CTX_new();
    781. 

  781.     EVP_PKEY_CTX *pkctx = NULL;
    782. 

  782.     int r = -1;
    783. 

  783.     unsigned char mval[EVP_MAX_MD_SIZE];
    784. 

  784.     unsigned int mlen;
    785. 

  785. 

  786.     if (mctx == NULL) {
    787. 

  787.         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
    788. 

  788.         goto err;
    789. 

  789.     }
    790. 

  790.     /* If we have any signed attributes look for messageDigest value */
    791. 

  791.     if (CMS_signed_get_attr_count(si) >= 0) {
    792. 

  792.         os = CMS_signed_get0_data_by_OBJ(si,
    793. 

  793.                                          OBJ_nid2obj(NID_pkcs9_messageDigest),
    794. 

  794.                                          -3, V_ASN1_OCTET_STRING);
    795. 

  795.         if (!os) {
    796. 

  796.             CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
    797. 

  797.                    CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
    798. 

  798.             goto err;
    799. 

  799.         }
    800. 

  800.     }
    801. 

  801. 

  802.     if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
    803. 

  803.         goto err;
    804. 

  804. 

  805.     if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
    806. 

  806.         CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
    807. 

  807.                CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
    808. 

  808.         goto err;
    809. 

  809.     }
    810. 

  810. 

  811.     /* If messageDigest found compare it */
    812. 

  812. 

  813.     if (os) {
    814. 

  814.         if (mlen != (unsigned int)os->length) {
    815. 

  815.             CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
    816. 

  816.                    CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
    817. 

  817.             goto err;
    818. 

  818.         }
    819. 

  819. 

  820.         if (memcmp(mval, os->data, mlen)) {
    821. 

  821.             CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
    822. 

  822.                    CMS_R_VERIFICATION_FAILURE);
    823. 

  823.             r = 0;
    824. 

  824.         } else
    825. 

  825.             r = 1;
    826. 

  826.     } else {
    827. 

  827.         const EVP_MD *md = EVP_MD_CTX_md(mctx);
    828. 

  828.         pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
    829. 

  829.         if (pkctx == NULL)
    830. 

  830.             goto err;
    831. 

  831.         if (EVP_PKEY_verify_init(pkctx) <= 0)
    832. 

  832.             goto err;
    833. 

  833.         if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
    834. 

  834.             goto err;
    835. 

  835.         si->pctx = pkctx;
    836. 

  836.         if (!cms_sd_asn1_ctrl(si, 1))
    837. 

  837.             goto err;
    838. 

  838.         r = EVP_PKEY_verify(pkctx, si->signature->data,
    839. 

  839.                             si->signature->length, mval, mlen);
    840. 

  840.         if (r <= 0) {
    841. 

  841.             CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
    842. 

  842.                    CMS_R_VERIFICATION_FAILURE);
    843. 

  843.             r = 0;
    844. 

  844.         }
    845. 

  845.     }
    846. 

  846. 

  847.  err:
    848. 

  848.     EVP_PKEY_CTX_free(pkctx);
    849. 

  849.     EVP_MD_CTX_free(mctx);
    850. 

  850.     return r;
    851. 

  851. 

  852. }
    853. 

  853. 

  854. int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
    855. 

  855. {
    856. 

  856.     unsigned char *smder = NULL;
    857. 

  857.     int smderlen, r;
    858. 

  858.     smderlen = i2d_X509_ALGORS(algs, &smder);
    859. 

  859.     if (smderlen <= 0)
    860. 

  860.         return 0;
    861. 

  861.     r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
    862. 

  862.                                     V_ASN1_SEQUENCE, smder, smderlen);
    863. 

  863.     OPENSSL_free(smder);
    864. 

  864.     return r;
    865. 

  865. }
    866. 

  866. 

  867. int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
    868. 

  868.                             int algnid, int keysize)
    869. 

  869. {
    870. 

  870.     X509_ALGOR *alg;
    871. 

  871.     ASN1_INTEGER *key = NULL;
    872. 

  872.     if (keysize > 0) {
    873. 

  873.         key = ASN1_INTEGER_new();
    874. 

  874.         if (key == NULL || !ASN1_INTEGER_set(key, keysize))
    875. 

  875.             return 0;
    876. 

  876.     }
    877. 

  877.     alg = X509_ALGOR_new();
    878. 

  878.     if (alg == NULL) {
    879. 

  879.         ASN1_INTEGER_free(key);
    880. 

  880.         return 0;
    881. 

  881.     }
    882. 

  882. 

  883.     X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
    884. 

  884.                     key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
    885. 

  885.     if (*algs == NULL)
    886. 

  886.         *algs = sk_X509_ALGOR_new_null();
    887. 

  887.     if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
    888. 

  888.         X509_ALGOR_free(alg);
    889. 

  889.         return 0;
    890. 

  890.     }
    891. 

  891.     return 1;
    892. 

  892. }
    893. 

  893. 

  894. /* Check to see if a cipher exists and if so add S/MIME capabilities */
    895. 

  895. 

  896. static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
    897. 

  897. {
    898. 

  898.     if (EVP_get_cipherbynid(nid))
    899. 

  899.         return CMS_add_simple_smimecap(sk, nid, arg);
    900. 

  900.     return 1;
    901. 

  901. }
    902. 

  902. 

  903. static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
    904. 

  904. {
    905. 

  905.     if (EVP_get_digestbynid(nid))
    906. 

  906.         return CMS_add_simple_smimecap(sk, nid, arg);
    907. 

  907.     return 1;
    908. 

  908. }
    909. 

  909. 

  910. int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
    911. 

  911. {
    912. 

  912.     if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
    913. 

  913.         || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
    914. 

  914.         || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
    915. 

  915.         || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
    916. 

  916.         || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
    917. 

  917.         || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
    918. 

  918.         || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
    919. 

  919.         || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
    920. 

  920.         || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
    921. 

  921.         || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
    922. 

  922.         || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
    923. 

  923.         || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
    924. 

  924.         return 0;
    925. 

  925.     return 1;
    926. 

  926. }
    927.