cms_lib.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741
  1. /*
  2. * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <openssl/asn1t.h>
  10. #include <openssl/x509v3.h>
  11. #include <openssl/err.h>
  12. #include <openssl/pem.h>
  13. #include <openssl/bio.h>
  14. #include <openssl/asn1.h>
  15. #include <openssl/cms.h>
  16. #include "internal/sizes.h"
  17. #include "crypto/x509.h"
  18. #include "cms_local.h"
  19. static STACK_OF(CMS_CertificateChoices)
  20. **cms_get0_certificate_choices(CMS_ContentInfo *cms);
  21. IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
  22. CMS_ContentInfo *d2i_CMS_ContentInfo(CMS_ContentInfo **a,
  23. const unsigned char **in, long len)
  24. {
  25. CMS_ContentInfo *ci;
  26. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(a == NULL ? NULL : *a);
  27. ci = (CMS_ContentInfo *)ASN1_item_d2i_ex((ASN1_VALUE **)a, in, len,
  28. (CMS_ContentInfo_it()),
  29. ossl_cms_ctx_get0_libctx(ctx),
  30. ossl_cms_ctx_get0_propq(ctx));
  31. if (ci != NULL) {
  32. ERR_set_mark();
  33. ossl_cms_resolve_libctx(ci);
  34. ERR_pop_to_mark();
  35. }
  36. return ci;
  37. }
  38. int i2d_CMS_ContentInfo(const CMS_ContentInfo *a, unsigned char **out)
  39. {
  40. return ASN1_item_i2d((const ASN1_VALUE *)a, out, (CMS_ContentInfo_it()));
  41. }
  42. CMS_ContentInfo *CMS_ContentInfo_new_ex(OSSL_LIB_CTX *libctx, const char *propq)
  43. {
  44. CMS_ContentInfo *ci;
  45. ci = (CMS_ContentInfo *)ASN1_item_new_ex(ASN1_ITEM_rptr(CMS_ContentInfo),
  46. libctx, propq);
  47. if (ci != NULL) {
  48. ci->ctx.libctx = libctx;
  49. ci->ctx.propq = NULL;
  50. if (propq != NULL) {
  51. ci->ctx.propq = OPENSSL_strdup(propq);
  52. if (ci->ctx.propq == NULL) {
  53. CMS_ContentInfo_free(ci);
  54. ci = NULL;
  55. }
  56. }
  57. }
  58. return ci;
  59. }
  60. CMS_ContentInfo *CMS_ContentInfo_new(void)
  61. {
  62. return CMS_ContentInfo_new_ex(NULL, NULL);
  63. }
  64. void CMS_ContentInfo_free(CMS_ContentInfo *cms)
  65. {
  66. if (cms != NULL) {
  67. OPENSSL_free(cms->ctx.propq);
  68. ASN1_item_free((ASN1_VALUE *)cms, ASN1_ITEM_rptr(CMS_ContentInfo));
  69. }
  70. }
  71. const CMS_CTX *ossl_cms_get0_cmsctx(const CMS_ContentInfo *cms)
  72. {
  73. return cms != NULL ? &cms->ctx : NULL;
  74. }
  75. OSSL_LIB_CTX *ossl_cms_ctx_get0_libctx(const CMS_CTX *ctx)
  76. {
  77. return ctx != NULL ? ctx->libctx : NULL;
  78. }
  79. const char *ossl_cms_ctx_get0_propq(const CMS_CTX *ctx)
  80. {
  81. return ctx != NULL ? ctx->propq : NULL;
  82. }
  83. void ossl_cms_resolve_libctx(CMS_ContentInfo *ci)
  84. {
  85. int i;
  86. CMS_CertificateChoices *cch;
  87. STACK_OF(CMS_CertificateChoices) **pcerts;
  88. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(ci);
  89. OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
  90. const char *propq = ossl_cms_ctx_get0_propq(ctx);
  91. ossl_cms_SignerInfos_set_cmsctx(ci);
  92. ossl_cms_RecipientInfos_set_cmsctx(ci);
  93. pcerts = cms_get0_certificate_choices(ci);
  94. if (pcerts != NULL) {
  95. for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
  96. cch = sk_CMS_CertificateChoices_value(*pcerts, i);
  97. if (cch->type == CMS_CERTCHOICE_CERT)
  98. ossl_x509_set0_libctx(cch->d.certificate, libctx, propq);
  99. }
  100. }
  101. }
  102. const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
  103. {
  104. return cms->contentType;
  105. }
  106. CMS_ContentInfo *ossl_cms_Data_create(OSSL_LIB_CTX *libctx, const char *propq)
  107. {
  108. CMS_ContentInfo *cms = CMS_ContentInfo_new_ex(libctx, propq);
  109. if (cms != NULL) {
  110. cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
  111. /* Never detached */
  112. CMS_set_detached(cms, 0);
  113. }
  114. return cms;
  115. }
  116. BIO *ossl_cms_content_bio(CMS_ContentInfo *cms)
  117. {
  118. ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
  119. if (pos == NULL)
  120. return NULL;
  121. /* If content detached data goes nowhere: create NULL BIO */
  122. if (*pos == NULL)
  123. return BIO_new(BIO_s_null());
  124. /*
  125. * If content not detached and created return memory BIO
  126. */
  127. if (*pos == NULL || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
  128. return BIO_new(BIO_s_mem());
  129. /* Else content was read in: return read only BIO for it */
  130. return BIO_new_mem_buf((*pos)->data, (*pos)->length);
  131. }
  132. BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
  133. {
  134. BIO *cmsbio, *cont;
  135. if (icont)
  136. cont = icont;
  137. else
  138. cont = ossl_cms_content_bio(cms);
  139. if (!cont) {
  140. ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT);
  141. return NULL;
  142. }
  143. switch (OBJ_obj2nid(cms->contentType)) {
  144. case NID_pkcs7_data:
  145. return cont;
  146. case NID_pkcs7_signed:
  147. cmsbio = ossl_cms_SignedData_init_bio(cms);
  148. break;
  149. case NID_pkcs7_digest:
  150. cmsbio = ossl_cms_DigestedData_init_bio(cms);
  151. break;
  152. #ifndef OPENSSL_NO_ZLIB
  153. case NID_id_smime_ct_compressedData:
  154. cmsbio = ossl_cms_CompressedData_init_bio(cms);
  155. break;
  156. #endif
  157. case NID_pkcs7_encrypted:
  158. cmsbio = ossl_cms_EncryptedData_init_bio(cms);
  159. break;
  160. case NID_pkcs7_enveloped:
  161. cmsbio = ossl_cms_EnvelopedData_init_bio(cms);
  162. break;
  163. case NID_id_smime_ct_authEnvelopedData:
  164. cmsbio = ossl_cms_AuthEnvelopedData_init_bio(cms);
  165. break;
  166. default:
  167. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_TYPE);
  168. goto err;
  169. }
  170. if (cmsbio)
  171. return BIO_push(cmsbio, cont);
  172. err:
  173. if (!icont)
  174. BIO_free(cont);
  175. return NULL;
  176. }
  177. /* unfortunately cannot constify SMIME_write_ASN1() due to this function */
  178. int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
  179. {
  180. return ossl_cms_DataFinal(cms, cmsbio, NULL, 0);
  181. }
  182. int ossl_cms_DataFinal(CMS_ContentInfo *cms, BIO *cmsbio,
  183. const unsigned char *precomp_md,
  184. unsigned int precomp_mdlen)
  185. {
  186. ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
  187. if (pos == NULL)
  188. return 0;
  189. /* If embedded content find memory BIO and set content */
  190. if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
  191. BIO *mbio;
  192. unsigned char *cont;
  193. long contlen;
  194. mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
  195. if (!mbio) {
  196. ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_NOT_FOUND);
  197. return 0;
  198. }
  199. contlen = BIO_get_mem_data(mbio, &cont);
  200. /* Set bio as read only so its content can't be clobbered */
  201. BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
  202. BIO_set_mem_eof_return(mbio, 0);
  203. ASN1_STRING_set0(*pos, cont, contlen);
  204. (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
  205. }
  206. switch (OBJ_obj2nid(cms->contentType)) {
  207. case NID_pkcs7_data:
  208. case NID_pkcs7_encrypted:
  209. case NID_id_smime_ct_compressedData:
  210. /* Nothing to do */
  211. return 1;
  212. case NID_pkcs7_enveloped:
  213. return ossl_cms_EnvelopedData_final(cms, cmsbio);
  214. case NID_id_smime_ct_authEnvelopedData:
  215. return ossl_cms_AuthEnvelopedData_final(cms, cmsbio);
  216. case NID_pkcs7_signed:
  217. return ossl_cms_SignedData_final(cms, cmsbio, precomp_md, precomp_mdlen);
  218. case NID_pkcs7_digest:
  219. return ossl_cms_DigestedData_do_final(cms, cmsbio, 0);
  220. default:
  221. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_TYPE);
  222. return 0;
  223. }
  224. }
  225. /*
  226. * Return an OCTET STRING pointer to content. This allows it to be accessed
  227. * or set later.
  228. */
  229. ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
  230. {
  231. switch (OBJ_obj2nid(cms->contentType)) {
  232. case NID_pkcs7_data:
  233. return &cms->d.data;
  234. case NID_pkcs7_signed:
  235. return &cms->d.signedData->encapContentInfo->eContent;
  236. case NID_pkcs7_enveloped:
  237. return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
  238. case NID_pkcs7_digest:
  239. return &cms->d.digestedData->encapContentInfo->eContent;
  240. case NID_pkcs7_encrypted:
  241. return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
  242. case NID_id_smime_ct_authEnvelopedData:
  243. return &cms->d.authEnvelopedData->authEncryptedContentInfo
  244. ->encryptedContent;
  245. case NID_id_smime_ct_authData:
  246. return &cms->d.authenticatedData->encapContentInfo->eContent;
  247. case NID_id_smime_ct_compressedData:
  248. return &cms->d.compressedData->encapContentInfo->eContent;
  249. default:
  250. if (cms->d.other->type == V_ASN1_OCTET_STRING)
  251. return &cms->d.other->value.octet_string;
  252. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE);
  253. return NULL;
  254. }
  255. }
  256. /*
  257. * Return an ASN1_OBJECT pointer to content type. This allows it to be
  258. * accessed or set later.
  259. */
  260. static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
  261. {
  262. switch (OBJ_obj2nid(cms->contentType)) {
  263. case NID_pkcs7_signed:
  264. return &cms->d.signedData->encapContentInfo->eContentType;
  265. case NID_pkcs7_enveloped:
  266. return &cms->d.envelopedData->encryptedContentInfo->contentType;
  267. case NID_pkcs7_digest:
  268. return &cms->d.digestedData->encapContentInfo->eContentType;
  269. case NID_pkcs7_encrypted:
  270. return &cms->d.encryptedData->encryptedContentInfo->contentType;
  271. case NID_id_smime_ct_authEnvelopedData:
  272. return &cms->d.authEnvelopedData->authEncryptedContentInfo
  273. ->contentType;
  274. case NID_id_smime_ct_authData:
  275. return &cms->d.authenticatedData->encapContentInfo->eContentType;
  276. case NID_id_smime_ct_compressedData:
  277. return &cms->d.compressedData->encapContentInfo->eContentType;
  278. default:
  279. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE);
  280. return NULL;
  281. }
  282. }
  283. const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
  284. {
  285. ASN1_OBJECT **petype;
  286. petype = cms_get0_econtent_type(cms);
  287. if (petype)
  288. return *petype;
  289. return NULL;
  290. }
  291. int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
  292. {
  293. ASN1_OBJECT **petype, *etype;
  294. petype = cms_get0_econtent_type(cms);
  295. if (petype == NULL)
  296. return 0;
  297. if (oid == NULL)
  298. return 1;
  299. etype = OBJ_dup(oid);
  300. if (etype == NULL)
  301. return 0;
  302. ASN1_OBJECT_free(*petype);
  303. *petype = etype;
  304. return 1;
  305. }
  306. int CMS_is_detached(CMS_ContentInfo *cms)
  307. {
  308. ASN1_OCTET_STRING **pos;
  309. pos = CMS_get0_content(cms);
  310. if (pos == NULL)
  311. return -1;
  312. if (*pos != NULL)
  313. return 0;
  314. return 1;
  315. }
  316. int CMS_set_detached(CMS_ContentInfo *cms, int detached)
  317. {
  318. ASN1_OCTET_STRING **pos;
  319. pos = CMS_get0_content(cms);
  320. if (pos == NULL)
  321. return 0;
  322. if (detached) {
  323. ASN1_OCTET_STRING_free(*pos);
  324. *pos = NULL;
  325. return 1;
  326. }
  327. if (*pos == NULL)
  328. *pos = ASN1_OCTET_STRING_new();
  329. if (*pos != NULL) {
  330. /*
  331. * NB: special flag to show content is created and not read in.
  332. */
  333. (*pos)->flags |= ASN1_STRING_FLAG_CONT;
  334. return 1;
  335. }
  336. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  337. return 0;
  338. }
  339. /* Create a digest BIO from an X509_ALGOR structure */
  340. BIO *ossl_cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm,
  341. const CMS_CTX *ctx)
  342. {
  343. BIO *mdbio = NULL;
  344. const ASN1_OBJECT *digestoid;
  345. const EVP_MD *digest = NULL;
  346. EVP_MD *fetched_digest = NULL;
  347. char alg[OSSL_MAX_NAME_SIZE];
  348. X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
  349. OBJ_obj2txt(alg, sizeof(alg), digestoid, 0);
  350. (void)ERR_set_mark();
  351. fetched_digest = EVP_MD_fetch(ossl_cms_ctx_get0_libctx(ctx), alg,
  352. ossl_cms_ctx_get0_propq(ctx));
  353. if (fetched_digest != NULL)
  354. digest = fetched_digest;
  355. else
  356. digest = EVP_get_digestbyobj(digestoid);
  357. if (digest == NULL) {
  358. (void)ERR_clear_last_mark();
  359. ERR_raise(ERR_LIB_CMS, CMS_R_UNKNOWN_DIGEST_ALGORITHM);
  360. goto err;
  361. }
  362. (void)ERR_pop_to_mark();
  363. mdbio = BIO_new(BIO_f_md());
  364. if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
  365. ERR_raise(ERR_LIB_CMS, CMS_R_MD_BIO_INIT_ERROR);
  366. goto err;
  367. }
  368. EVP_MD_free(fetched_digest);
  369. return mdbio;
  370. err:
  371. EVP_MD_free(fetched_digest);
  372. BIO_free(mdbio);
  373. return NULL;
  374. }
  375. /* Locate a message digest content from a BIO chain based on SignerInfo */
  376. int ossl_cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
  377. X509_ALGOR *mdalg)
  378. {
  379. int nid;
  380. const ASN1_OBJECT *mdoid;
  381. X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
  382. nid = OBJ_obj2nid(mdoid);
  383. /* Look for digest type to match signature */
  384. for (;;) {
  385. EVP_MD_CTX *mtmp;
  386. chain = BIO_find_type(chain, BIO_TYPE_MD);
  387. if (chain == NULL) {
  388. ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_DIGEST);
  389. return 0;
  390. }
  391. BIO_get_md_ctx(chain, &mtmp);
  392. if (EVP_MD_CTX_get_type(mtmp) == nid
  393. /*
  394. * Workaround for broken implementations that use signature
  395. * algorithm OID instead of digest.
  396. */
  397. || EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mtmp)) == nid)
  398. return EVP_MD_CTX_copy_ex(mctx, mtmp);
  399. chain = BIO_next(chain);
  400. }
  401. }
  402. static STACK_OF(CMS_CertificateChoices)
  403. **cms_get0_certificate_choices(CMS_ContentInfo *cms)
  404. {
  405. switch (OBJ_obj2nid(cms->contentType)) {
  406. case NID_pkcs7_signed:
  407. return &cms->d.signedData->certificates;
  408. case NID_pkcs7_enveloped:
  409. if (cms->d.envelopedData->originatorInfo == NULL)
  410. return NULL;
  411. return &cms->d.envelopedData->originatorInfo->certificates;
  412. case NID_id_smime_ct_authEnvelopedData:
  413. if (cms->d.authEnvelopedData->originatorInfo == NULL)
  414. return NULL;
  415. return &cms->d.authEnvelopedData->originatorInfo->certificates;
  416. default:
  417. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE);
  418. return NULL;
  419. }
  420. }
  421. CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
  422. {
  423. STACK_OF(CMS_CertificateChoices) **pcerts;
  424. CMS_CertificateChoices *cch;
  425. pcerts = cms_get0_certificate_choices(cms);
  426. if (pcerts == NULL)
  427. return NULL;
  428. if (*pcerts == NULL)
  429. *pcerts = sk_CMS_CertificateChoices_new_null();
  430. if (*pcerts == NULL)
  431. return NULL;
  432. cch = M_ASN1_new_of(CMS_CertificateChoices);
  433. if (!cch)
  434. return NULL;
  435. if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
  436. M_ASN1_free_of(cch, CMS_CertificateChoices);
  437. return NULL;
  438. }
  439. return cch;
  440. }
  441. int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
  442. {
  443. CMS_CertificateChoices *cch;
  444. STACK_OF(CMS_CertificateChoices) **pcerts;
  445. int i;
  446. pcerts = cms_get0_certificate_choices(cms);
  447. if (pcerts == NULL)
  448. return 0;
  449. for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
  450. cch = sk_CMS_CertificateChoices_value(*pcerts, i);
  451. if (cch->type == CMS_CERTCHOICE_CERT) {
  452. if (!X509_cmp(cch->d.certificate, cert)) {
  453. ERR_raise(ERR_LIB_CMS, CMS_R_CERTIFICATE_ALREADY_PRESENT);
  454. return 0;
  455. }
  456. }
  457. }
  458. cch = CMS_add0_CertificateChoices(cms);
  459. if (!cch)
  460. return 0;
  461. cch->type = CMS_CERTCHOICE_CERT;
  462. cch->d.certificate = cert;
  463. return 1;
  464. }
  465. int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
  466. {
  467. int r;
  468. r = CMS_add0_cert(cms, cert);
  469. if (r > 0)
  470. X509_up_ref(cert);
  471. return r;
  472. }
  473. static STACK_OF(CMS_RevocationInfoChoice)
  474. **cms_get0_revocation_choices(CMS_ContentInfo *cms)
  475. {
  476. switch (OBJ_obj2nid(cms->contentType)) {
  477. case NID_pkcs7_signed:
  478. return &cms->d.signedData->crls;
  479. case NID_pkcs7_enveloped:
  480. if (cms->d.envelopedData->originatorInfo == NULL)
  481. return NULL;
  482. return &cms->d.envelopedData->originatorInfo->crls;
  483. case NID_id_smime_ct_authEnvelopedData:
  484. if (cms->d.authEnvelopedData->originatorInfo == NULL)
  485. return NULL;
  486. return &cms->d.authEnvelopedData->originatorInfo->crls;
  487. default:
  488. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_TYPE);
  489. return NULL;
  490. }
  491. }
  492. CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
  493. {
  494. STACK_OF(CMS_RevocationInfoChoice) **pcrls;
  495. CMS_RevocationInfoChoice *rch;
  496. pcrls = cms_get0_revocation_choices(cms);
  497. if (pcrls == NULL)
  498. return NULL;
  499. if (*pcrls == NULL)
  500. *pcrls = sk_CMS_RevocationInfoChoice_new_null();
  501. if (*pcrls == NULL)
  502. return NULL;
  503. rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
  504. if (rch == NULL)
  505. return NULL;
  506. if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
  507. M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
  508. return NULL;
  509. }
  510. return rch;
  511. }
  512. int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
  513. {
  514. CMS_RevocationInfoChoice *rch;
  515. rch = CMS_add0_RevocationInfoChoice(cms);
  516. if (!rch)
  517. return 0;
  518. rch->type = CMS_REVCHOICE_CRL;
  519. rch->d.crl = crl;
  520. return 1;
  521. }
  522. int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
  523. {
  524. int r;
  525. r = CMS_add0_crl(cms, crl);
  526. if (r > 0)
  527. X509_CRL_up_ref(crl);
  528. return r;
  529. }
  530. STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
  531. {
  532. STACK_OF(X509) *certs = NULL;
  533. CMS_CertificateChoices *cch;
  534. STACK_OF(CMS_CertificateChoices) **pcerts;
  535. int i;
  536. pcerts = cms_get0_certificate_choices(cms);
  537. if (pcerts == NULL)
  538. return NULL;
  539. for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
  540. cch = sk_CMS_CertificateChoices_value(*pcerts, i);
  541. if (cch->type == 0) {
  542. if (!ossl_x509_add_cert_new(&certs, cch->d.certificate,
  543. X509_ADD_FLAG_UP_REF)) {
  544. OSSL_STACK_OF_X509_free(certs);
  545. return NULL;
  546. }
  547. }
  548. }
  549. return certs;
  550. }
  551. STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
  552. {
  553. STACK_OF(X509_CRL) *crls = NULL;
  554. STACK_OF(CMS_RevocationInfoChoice) **pcrls;
  555. CMS_RevocationInfoChoice *rch;
  556. int i;
  557. pcrls = cms_get0_revocation_choices(cms);
  558. if (pcrls == NULL)
  559. return NULL;
  560. for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
  561. rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
  562. if (rch->type == 0) {
  563. if (!crls) {
  564. crls = sk_X509_CRL_new_null();
  565. if (!crls)
  566. return NULL;
  567. }
  568. if (!sk_X509_CRL_push(crls, rch->d.crl)) {
  569. sk_X509_CRL_pop_free(crls, X509_CRL_free);
  570. return NULL;
  571. }
  572. X509_CRL_up_ref(rch->d.crl);
  573. }
  574. }
  575. return crls;
  576. }
  577. int ossl_cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
  578. {
  579. int ret;
  580. ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
  581. if (ret)
  582. return ret;
  583. return ASN1_INTEGER_cmp(ias->serialNumber, X509_get0_serialNumber(cert));
  584. }
  585. int ossl_cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
  586. {
  587. const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
  588. if (cert_keyid == NULL)
  589. return -1;
  590. return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
  591. }
  592. int ossl_cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
  593. {
  594. CMS_IssuerAndSerialNumber *ias;
  595. ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
  596. if (!ias) {
  597. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  598. goto err;
  599. }
  600. if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert))) {
  601. ERR_raise(ERR_LIB_CMS, ERR_R_X509_LIB);
  602. goto err;
  603. }
  604. if (!ASN1_STRING_copy(ias->serialNumber, X509_get0_serialNumber(cert))) {
  605. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  606. goto err;
  607. }
  608. M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
  609. *pias = ias;
  610. return 1;
  611. err:
  612. M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
  613. return 0;
  614. }
  615. int ossl_cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
  616. {
  617. ASN1_OCTET_STRING *keyid = NULL;
  618. const ASN1_OCTET_STRING *cert_keyid;
  619. cert_keyid = X509_get0_subject_key_id(cert);
  620. if (cert_keyid == NULL) {
  621. ERR_raise(ERR_LIB_CMS, CMS_R_CERTIFICATE_HAS_NO_KEYID);
  622. return 0;
  623. }
  624. keyid = ASN1_STRING_dup(cert_keyid);
  625. if (!keyid) {
  626. ERR_raise(ERR_LIB_CMS, ERR_R_ASN1_LIB);
  627. return 0;
  628. }
  629. ASN1_OCTET_STRING_free(*pkeyid);
  630. *pkeyid = keyid;
  631. return 1;
  632. }