cms_smime.c 28 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992
  1. /*
  2. * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/cryptlib.h"
  10. #include <openssl/asn1t.h>
  11. #include <openssl/x509.h>
  12. #include <openssl/x509v3.h>
  13. #include <openssl/err.h>
  14. #include <openssl/cms.h>
  15. #include "cms_local.h"
  16. #include "crypto/asn1.h"
  17. static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
  18. {
  19. BIO *rbio;
  20. if (out == NULL)
  21. rbio = BIO_new(BIO_s_null());
  22. else if (flags & CMS_TEXT) {
  23. rbio = BIO_new(BIO_s_mem());
  24. BIO_set_mem_eof_return(rbio, 0);
  25. } else
  26. rbio = out;
  27. return rbio;
  28. }
  29. static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
  30. {
  31. unsigned char buf[4096];
  32. int r = 0, i;
  33. BIO *tmpout;
  34. tmpout = cms_get_text_bio(out, flags);
  35. if (tmpout == NULL) {
  36. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  37. goto err;
  38. }
  39. /* Read all content through chain to process digest, decrypt etc */
  40. for (;;) {
  41. i = BIO_read(in, buf, sizeof(buf));
  42. if (i <= 0) {
  43. if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
  44. if (BIO_get_cipher_status(in) <= 0)
  45. goto err;
  46. }
  47. if (i < 0)
  48. goto err;
  49. break;
  50. }
  51. if (tmpout != NULL && (BIO_write(tmpout, buf, i) != i))
  52. goto err;
  53. }
  54. if (flags & CMS_TEXT) {
  55. if (!SMIME_text(tmpout, out)) {
  56. ERR_raise(ERR_LIB_CMS, CMS_R_SMIME_TEXT_ERROR);
  57. goto err;
  58. }
  59. }
  60. r = 1;
  61. err:
  62. if (tmpout != out)
  63. BIO_free(tmpout);
  64. return r;
  65. }
  66. static int check_content(CMS_ContentInfo *cms)
  67. {
  68. ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
  69. if (pos == NULL || *pos == NULL) {
  70. ERR_raise(ERR_LIB_CMS, CMS_R_NO_CONTENT);
  71. return 0;
  72. }
  73. return 1;
  74. }
  75. static void do_free_upto(BIO *f, BIO *upto)
  76. {
  77. if (upto != NULL) {
  78. BIO *tbio;
  79. do {
  80. tbio = BIO_pop(f);
  81. BIO_free(f);
  82. f = tbio;
  83. } while (f != NULL && f != upto);
  84. } else {
  85. BIO_free_all(f);
  86. }
  87. }
  88. int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
  89. {
  90. BIO *cont;
  91. int r;
  92. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
  93. ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_DATA);
  94. return 0;
  95. }
  96. cont = CMS_dataInit(cms, NULL);
  97. if (cont == NULL)
  98. return 0;
  99. r = cms_copy_content(out, cont, flags);
  100. BIO_free_all(cont);
  101. return r;
  102. }
  103. CMS_ContentInfo *CMS_data_create_ex(BIO *in, unsigned int flags,
  104. OSSL_LIB_CTX *libctx, const char *propq)
  105. {
  106. CMS_ContentInfo *cms = ossl_cms_Data_create(libctx, propq);
  107. if (cms == NULL)
  108. return NULL;
  109. if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
  110. return cms;
  111. CMS_ContentInfo_free(cms);
  112. return NULL;
  113. }
  114. CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
  115. {
  116. return CMS_data_create_ex(in, flags, NULL, NULL);
  117. }
  118. int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
  119. unsigned int flags)
  120. {
  121. BIO *cont;
  122. int r;
  123. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
  124. ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_DIGESTED_DATA);
  125. return 0;
  126. }
  127. if (dcont == NULL && !check_content(cms))
  128. return 0;
  129. cont = CMS_dataInit(cms, dcont);
  130. if (cont == NULL)
  131. return 0;
  132. r = cms_copy_content(out, cont, flags);
  133. if (r)
  134. r = ossl_cms_DigestedData_do_final(cms, cont, 1);
  135. do_free_upto(cont, dcont);
  136. return r;
  137. }
  138. CMS_ContentInfo *CMS_digest_create_ex(BIO *in, const EVP_MD *md,
  139. unsigned int flags, OSSL_LIB_CTX *ctx,
  140. const char *propq)
  141. {
  142. CMS_ContentInfo *cms;
  143. /*
  144. * Because the EVP_MD is cached and can be a legacy algorithm, we
  145. * cannot fetch the algorithm if it isn't supplied.
  146. */
  147. if (md == NULL)
  148. md = EVP_sha1();
  149. cms = ossl_cms_DigestedData_create(md, ctx, propq);
  150. if (cms == NULL)
  151. return NULL;
  152. if (!(flags & CMS_DETACHED))
  153. CMS_set_detached(cms, 0);
  154. if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
  155. return cms;
  156. CMS_ContentInfo_free(cms);
  157. return NULL;
  158. }
  159. CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
  160. unsigned int flags)
  161. {
  162. return CMS_digest_create_ex(in, md, flags, NULL, NULL);
  163. }
  164. int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
  165. const unsigned char *key, size_t keylen,
  166. BIO *dcont, BIO *out, unsigned int flags)
  167. {
  168. BIO *cont;
  169. int r;
  170. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
  171. ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_ENCRYPTED_DATA);
  172. return 0;
  173. }
  174. if (dcont == NULL && !check_content(cms))
  175. return 0;
  176. if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
  177. return 0;
  178. cont = CMS_dataInit(cms, dcont);
  179. if (cont == NULL)
  180. return 0;
  181. r = cms_copy_content(out, cont, flags);
  182. do_free_upto(cont, dcont);
  183. return r;
  184. }
  185. CMS_ContentInfo *CMS_EncryptedData_encrypt_ex(BIO *in, const EVP_CIPHER *cipher,
  186. const unsigned char *key,
  187. size_t keylen, unsigned int flags,
  188. OSSL_LIB_CTX *libctx,
  189. const char *propq)
  190. {
  191. CMS_ContentInfo *cms;
  192. if (cipher == NULL) {
  193. ERR_raise(ERR_LIB_CMS, CMS_R_NO_CIPHER);
  194. return NULL;
  195. }
  196. cms = CMS_ContentInfo_new_ex(libctx, propq);
  197. if (cms == NULL)
  198. return NULL;
  199. if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
  200. return NULL;
  201. if (!(flags & CMS_DETACHED))
  202. CMS_set_detached(cms, 0);
  203. if ((flags & (CMS_STREAM | CMS_PARTIAL))
  204. || CMS_final(cms, in, NULL, flags))
  205. return cms;
  206. CMS_ContentInfo_free(cms);
  207. return NULL;
  208. }
  209. CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
  210. const unsigned char *key,
  211. size_t keylen, unsigned int flags)
  212. {
  213. return CMS_EncryptedData_encrypt_ex(in, cipher, key, keylen, flags, NULL,
  214. NULL);
  215. }
  216. static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
  217. X509_STORE *store,
  218. STACK_OF(X509) *untrusted,
  219. STACK_OF(X509_CRL) *crls,
  220. STACK_OF(X509) **chain,
  221. const CMS_CTX *cms_ctx)
  222. {
  223. X509_STORE_CTX *ctx;
  224. X509 *signer;
  225. int i, j, r = 0;
  226. ctx = X509_STORE_CTX_new_ex(ossl_cms_ctx_get0_libctx(cms_ctx),
  227. ossl_cms_ctx_get0_propq(cms_ctx));
  228. if (ctx == NULL) {
  229. ERR_raise(ERR_LIB_CMS, ERR_R_X509_LIB);
  230. goto err;
  231. }
  232. CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
  233. if (!X509_STORE_CTX_init(ctx, store, signer, untrusted)) {
  234. ERR_raise(ERR_LIB_CMS, CMS_R_STORE_INIT_ERROR);
  235. goto err;
  236. }
  237. X509_STORE_CTX_set_default(ctx, "smime_sign");
  238. if (crls != NULL)
  239. X509_STORE_CTX_set0_crls(ctx, crls);
  240. i = X509_verify_cert(ctx);
  241. if (i <= 0) {
  242. j = X509_STORE_CTX_get_error(ctx);
  243. ERR_raise_data(ERR_LIB_CMS, CMS_R_CERTIFICATE_VERIFY_ERROR,
  244. "Verify error: %s", X509_verify_cert_error_string(j));
  245. goto err;
  246. }
  247. r = 1;
  248. /* also send back the trust chain when required */
  249. if (chain != NULL)
  250. *chain = X509_STORE_CTX_get1_chain(ctx);
  251. err:
  252. X509_STORE_CTX_free(ctx);
  253. return r;
  254. }
  255. /* This strongly overlaps with PKCS7_verify() */
  256. int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
  257. X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
  258. {
  259. CMS_SignerInfo *si;
  260. STACK_OF(CMS_SignerInfo) *sinfos;
  261. STACK_OF(X509) *cms_certs = NULL;
  262. STACK_OF(X509_CRL) *crls = NULL;
  263. STACK_OF(X509) **si_chains = NULL;
  264. X509 *signer;
  265. int i, scount = 0, ret = 0;
  266. BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
  267. int cadesVerify = (flags & CMS_CADES) != 0;
  268. const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms);
  269. if (dcont == NULL && !check_content(cms))
  270. return 0;
  271. if (dcont != NULL && !(flags & CMS_BINARY)) {
  272. const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
  273. if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
  274. flags |= CMS_ASCIICRLF;
  275. }
  276. /* Attempt to find all signer certificates */
  277. sinfos = CMS_get0_SignerInfos(cms);
  278. if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
  279. ERR_raise(ERR_LIB_CMS, CMS_R_NO_SIGNERS);
  280. goto err;
  281. }
  282. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
  283. si = sk_CMS_SignerInfo_value(sinfos, i);
  284. CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
  285. if (signer != NULL)
  286. scount++;
  287. }
  288. if (scount != sk_CMS_SignerInfo_num(sinfos))
  289. scount += CMS_set1_signers_certs(cms, certs, flags);
  290. if (scount != sk_CMS_SignerInfo_num(sinfos)) {
  291. ERR_raise(ERR_LIB_CMS, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
  292. goto err;
  293. }
  294. /* Attempt to verify all signers certs */
  295. /* at this point scount == sk_CMS_SignerInfo_num(sinfos) */
  296. if ((flags & CMS_NO_SIGNER_CERT_VERIFY) == 0 || cadesVerify) {
  297. if (cadesVerify) {
  298. /* Certificate trust chain is required to check CAdES signature */
  299. si_chains = OPENSSL_zalloc(scount * sizeof(si_chains[0]));
  300. if (si_chains == NULL)
  301. goto err;
  302. }
  303. cms_certs = CMS_get1_certs(cms);
  304. if (!(flags & CMS_NOCRL))
  305. crls = CMS_get1_crls(cms);
  306. for (i = 0; i < scount; i++) {
  307. si = sk_CMS_SignerInfo_value(sinfos, i);
  308. if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls,
  309. si_chains ? &si_chains[i] : NULL,
  310. ctx))
  311. goto err;
  312. }
  313. }
  314. /* Attempt to verify all SignerInfo signed attribute signatures */
  315. if ((flags & CMS_NO_ATTR_VERIFY) == 0 || cadesVerify) {
  316. for (i = 0; i < scount; i++) {
  317. si = sk_CMS_SignerInfo_value(sinfos, i);
  318. if (CMS_signed_get_attr_count(si) < 0)
  319. continue;
  320. if (CMS_SignerInfo_verify(si) <= 0)
  321. goto err;
  322. if (cadesVerify) {
  323. STACK_OF(X509) *si_chain = si_chains ? si_chains[i] : NULL;
  324. if (ossl_cms_check_signing_certs(si, si_chain) <= 0)
  325. goto err;
  326. }
  327. }
  328. }
  329. /*
  330. * Performance optimization: if the content is a memory BIO then store
  331. * its contents in a temporary read only memory BIO. This avoids
  332. * potentially large numbers of slow copies of data which will occur when
  333. * reading from a read write memory BIO when signatures are calculated.
  334. */
  335. if (dcont != NULL && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
  336. char *ptr;
  337. long len;
  338. len = BIO_get_mem_data(dcont, &ptr);
  339. tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
  340. if (tmpin == NULL) {
  341. ERR_raise(ERR_LIB_CMS, ERR_R_BIO_LIB);
  342. goto err2;
  343. }
  344. } else {
  345. tmpin = dcont;
  346. }
  347. /*
  348. * If not binary mode and detached generate digests by *writing* through
  349. * the BIO. That makes it possible to canonicalise the input.
  350. */
  351. if (!(flags & SMIME_BINARY) && dcont) {
  352. /*
  353. * Create output BIO so we can either handle text or to ensure
  354. * included content doesn't override detached content.
  355. */
  356. tmpout = cms_get_text_bio(out, flags);
  357. if (tmpout == NULL) {
  358. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  359. goto err;
  360. }
  361. cmsbio = CMS_dataInit(cms, tmpout);
  362. if (cmsbio == NULL)
  363. goto err;
  364. /*
  365. * Don't use SMIME_TEXT for verify: it adds headers and we want to
  366. * remove them.
  367. */
  368. if (!SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT))
  369. goto err;
  370. if (flags & CMS_TEXT) {
  371. if (!SMIME_text(tmpout, out)) {
  372. ERR_raise(ERR_LIB_CMS, CMS_R_SMIME_TEXT_ERROR);
  373. goto err;
  374. }
  375. }
  376. } else {
  377. cmsbio = CMS_dataInit(cms, tmpin);
  378. if (cmsbio == NULL)
  379. goto err;
  380. if (!cms_copy_content(out, cmsbio, flags))
  381. goto err;
  382. }
  383. if (!(flags & CMS_NO_CONTENT_VERIFY)) {
  384. for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
  385. si = sk_CMS_SignerInfo_value(sinfos, i);
  386. if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
  387. ERR_raise(ERR_LIB_CMS, CMS_R_CONTENT_VERIFY_ERROR);
  388. goto err;
  389. }
  390. }
  391. }
  392. ret = 1;
  393. err:
  394. if (!(flags & SMIME_BINARY) && dcont) {
  395. do_free_upto(cmsbio, tmpout);
  396. if (tmpin != dcont)
  397. BIO_free(tmpin);
  398. } else {
  399. if (dcont && (tmpin == dcont))
  400. do_free_upto(cmsbio, dcont);
  401. else
  402. BIO_free_all(cmsbio);
  403. }
  404. if (out != tmpout)
  405. BIO_free_all(tmpout);
  406. err2:
  407. if (si_chains != NULL) {
  408. for (i = 0; i < scount; ++i)
  409. OSSL_STACK_OF_X509_free(si_chains[i]);
  410. OPENSSL_free(si_chains);
  411. }
  412. OSSL_STACK_OF_X509_free(cms_certs);
  413. sk_X509_CRL_pop_free(crls, X509_CRL_free);
  414. return ret;
  415. }
  416. int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
  417. STACK_OF(X509) *certs,
  418. X509_STORE *store, unsigned int flags)
  419. {
  420. int r;
  421. flags &= ~(CMS_DETACHED | CMS_TEXT);
  422. r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
  423. if (r <= 0)
  424. return r;
  425. return ossl_cms_Receipt_verify(rcms, ocms);
  426. }
  427. CMS_ContentInfo *CMS_sign_ex(X509 *signcert, EVP_PKEY *pkey,
  428. STACK_OF(X509) *certs, BIO *data,
  429. unsigned int flags, OSSL_LIB_CTX *libctx,
  430. const char *propq)
  431. {
  432. CMS_ContentInfo *cms;
  433. int i;
  434. cms = CMS_ContentInfo_new_ex(libctx, propq);
  435. if (cms == NULL || !CMS_SignedData_init(cms)) {
  436. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  437. goto err;
  438. }
  439. if (flags & CMS_ASCIICRLF
  440. && !CMS_set1_eContentType(cms,
  441. OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF))) {
  442. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  443. goto err;
  444. }
  445. if (pkey != NULL && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
  446. ERR_raise(ERR_LIB_CMS, CMS_R_ADD_SIGNER_ERROR);
  447. goto err;
  448. }
  449. for (i = 0; i < sk_X509_num(certs); i++) {
  450. X509 *x = sk_X509_value(certs, i);
  451. if (!CMS_add1_cert(cms, x)) {
  452. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  453. goto err;
  454. }
  455. }
  456. if (!(flags & CMS_DETACHED))
  457. CMS_set_detached(cms, 0);
  458. if ((flags & (CMS_STREAM | CMS_PARTIAL))
  459. || CMS_final(cms, data, NULL, flags))
  460. return cms;
  461. else
  462. goto err;
  463. err:
  464. CMS_ContentInfo_free(cms);
  465. return NULL;
  466. }
  467. CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
  468. BIO *data, unsigned int flags)
  469. {
  470. return CMS_sign_ex(signcert, pkey, certs, data, flags, NULL, NULL);
  471. }
  472. CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
  473. X509 *signcert, EVP_PKEY *pkey,
  474. STACK_OF(X509) *certs, unsigned int flags)
  475. {
  476. CMS_SignerInfo *rct_si;
  477. CMS_ContentInfo *cms = NULL;
  478. ASN1_OCTET_STRING **pos, *os;
  479. BIO *rct_cont = NULL;
  480. int r = 0;
  481. const CMS_CTX *ctx = si->cms_ctx;
  482. flags &= ~(CMS_STREAM | CMS_TEXT);
  483. /* Not really detached but avoids content being allocated */
  484. flags |= CMS_PARTIAL | CMS_BINARY | CMS_DETACHED;
  485. if (pkey == NULL || signcert == NULL) {
  486. ERR_raise(ERR_LIB_CMS, CMS_R_NO_KEY_OR_CERT);
  487. return NULL;
  488. }
  489. /* Initialize signed data */
  490. cms = CMS_sign_ex(NULL, NULL, certs, NULL, flags,
  491. ossl_cms_ctx_get0_libctx(ctx),
  492. ossl_cms_ctx_get0_propq(ctx));
  493. if (cms == NULL)
  494. goto err;
  495. /* Set inner content type to signed receipt */
  496. if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
  497. goto err;
  498. rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
  499. if (!rct_si) {
  500. ERR_raise(ERR_LIB_CMS, CMS_R_ADD_SIGNER_ERROR);
  501. goto err;
  502. }
  503. os = ossl_cms_encode_Receipt(si);
  504. if (os == NULL)
  505. goto err;
  506. /* Set content to digest */
  507. rct_cont = BIO_new_mem_buf(os->data, os->length);
  508. if (rct_cont == NULL)
  509. goto err;
  510. /* Add msgSigDigest attribute */
  511. if (!ossl_cms_msgSigDigest_add1(rct_si, si))
  512. goto err;
  513. /* Finalize structure */
  514. if (!CMS_final(cms, rct_cont, NULL, flags))
  515. goto err;
  516. /* Set embedded content */
  517. pos = CMS_get0_content(cms);
  518. if (pos == NULL)
  519. goto err;
  520. *pos = os;
  521. r = 1;
  522. err:
  523. BIO_free(rct_cont);
  524. if (r)
  525. return cms;
  526. CMS_ContentInfo_free(cms);
  527. return NULL;
  528. }
  529. CMS_ContentInfo *CMS_encrypt_ex(STACK_OF(X509) *certs, BIO *data,
  530. const EVP_CIPHER *cipher, unsigned int flags,
  531. OSSL_LIB_CTX *libctx, const char *propq)
  532. {
  533. CMS_ContentInfo *cms;
  534. int i;
  535. X509 *recip;
  536. cms = (EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
  537. ? CMS_AuthEnvelopedData_create_ex(cipher, libctx, propq)
  538. : CMS_EnvelopedData_create_ex(cipher, libctx, propq);
  539. if (cms == NULL) {
  540. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  541. goto err;
  542. }
  543. for (i = 0; i < sk_X509_num(certs); i++) {
  544. recip = sk_X509_value(certs, i);
  545. if (!CMS_add1_recipient_cert(cms, recip, flags)) {
  546. ERR_raise(ERR_LIB_CMS, CMS_R_RECIPIENT_ERROR);
  547. goto err;
  548. }
  549. }
  550. if (!(flags & CMS_DETACHED))
  551. CMS_set_detached(cms, 0);
  552. if ((flags & (CMS_STREAM | CMS_PARTIAL))
  553. || CMS_final(cms, data, NULL, flags))
  554. return cms;
  555. else
  556. ERR_raise(ERR_LIB_CMS, ERR_R_CMS_LIB);
  557. err:
  558. CMS_ContentInfo_free(cms);
  559. return NULL;
  560. }
  561. CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
  562. const EVP_CIPHER *cipher, unsigned int flags)
  563. {
  564. return CMS_encrypt_ex(certs, data, cipher, flags, NULL, NULL);
  565. }
  566. static int cms_kari_set1_pkey_and_peer(CMS_ContentInfo *cms,
  567. CMS_RecipientInfo *ri,
  568. EVP_PKEY *pk, X509 *cert, X509 *peer)
  569. {
  570. int i;
  571. STACK_OF(CMS_RecipientEncryptedKey) *reks;
  572. CMS_RecipientEncryptedKey *rek;
  573. reks = CMS_RecipientInfo_kari_get0_reks(ri);
  574. for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
  575. int rv;
  576. rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
  577. if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
  578. continue;
  579. CMS_RecipientInfo_kari_set0_pkey_and_peer(ri, pk, peer);
  580. rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
  581. CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
  582. if (rv > 0)
  583. return 1;
  584. return cert == NULL ? 0 : -1;
  585. }
  586. return 0;
  587. }
  588. int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
  589. {
  590. return CMS_decrypt_set1_pkey_and_peer(cms, pk, cert, NULL);
  591. }
  592. int CMS_decrypt_set1_pkey_and_peer(CMS_ContentInfo *cms, EVP_PKEY *pk,
  593. X509 *cert, X509 *peer)
  594. {
  595. STACK_OF(CMS_RecipientInfo) *ris;
  596. CMS_RecipientInfo *ri;
  597. int i, r, cms_pkey_ri_type;
  598. int debug = 0, match_ri = 0;
  599. ris = CMS_get0_RecipientInfos(cms);
  600. if (ris != NULL)
  601. debug = ossl_cms_get0_env_enc_content(cms)->debug;
  602. cms_pkey_ri_type = ossl_cms_pkey_get_ri_type(pk);
  603. if (cms_pkey_ri_type == CMS_RECIPINFO_NONE) {
  604. ERR_raise(ERR_LIB_CMS, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  605. return 0;
  606. }
  607. for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
  608. int ri_type;
  609. ri = sk_CMS_RecipientInfo_value(ris, i);
  610. ri_type = CMS_RecipientInfo_type(ri);
  611. if (!ossl_cms_pkey_is_ri_type_supported(pk, ri_type))
  612. continue;
  613. match_ri = 1;
  614. if (ri_type == CMS_RECIPINFO_AGREE) {
  615. r = cms_kari_set1_pkey_and_peer(cms, ri, pk, cert, peer);
  616. if (r > 0)
  617. return 1;
  618. if (r < 0)
  619. return 0;
  620. }
  621. /*
  622. * If we have a cert try matching RecipientInfo otherwise try them
  623. * all.
  624. */
  625. else if (cert == NULL|| !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
  626. EVP_PKEY_up_ref(pk);
  627. CMS_RecipientInfo_set0_pkey(ri, pk);
  628. r = CMS_RecipientInfo_decrypt(cms, ri);
  629. CMS_RecipientInfo_set0_pkey(ri, NULL);
  630. if (cert != NULL) {
  631. /*
  632. * If not debugging clear any error and return success to
  633. * avoid leaking of information useful to MMA
  634. */
  635. if (!debug) {
  636. ERR_clear_error();
  637. return 1;
  638. }
  639. if (r > 0)
  640. return 1;
  641. ERR_raise(ERR_LIB_CMS, CMS_R_DECRYPT_ERROR);
  642. return 0;
  643. }
  644. /*
  645. * If no cert and not debugging don't leave loop after first
  646. * successful decrypt. Always attempt to decrypt all recipients
  647. * to avoid leaking timing of a successful decrypt.
  648. */
  649. else if (r > 0 && (debug || cms_pkey_ri_type != CMS_RECIPINFO_TRANS))
  650. return 1;
  651. }
  652. }
  653. /* If no cert, key transport and not debugging always return success */
  654. if (cert == NULL
  655. && cms_pkey_ri_type == CMS_RECIPINFO_TRANS
  656. && match_ri
  657. && !debug) {
  658. ERR_clear_error();
  659. return 1;
  660. }
  661. ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
  662. return 0;
  663. }
  664. int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
  665. unsigned char *key, size_t keylen,
  666. const unsigned char *id, size_t idlen)
  667. {
  668. STACK_OF(CMS_RecipientInfo) *ris;
  669. CMS_RecipientInfo *ri;
  670. int i, r;
  671. ris = CMS_get0_RecipientInfos(cms);
  672. for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
  673. ri = sk_CMS_RecipientInfo_value(ris, i);
  674. if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
  675. continue;
  676. /*
  677. * If we have an id try matching RecipientInfo otherwise try them
  678. * all.
  679. */
  680. if (id == NULL || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
  681. CMS_RecipientInfo_set0_key(ri, key, keylen);
  682. r = CMS_RecipientInfo_decrypt(cms, ri);
  683. CMS_RecipientInfo_set0_key(ri, NULL, 0);
  684. if (r > 0)
  685. return 1;
  686. if (id != NULL) {
  687. ERR_raise(ERR_LIB_CMS, CMS_R_DECRYPT_ERROR);
  688. return 0;
  689. }
  690. ERR_clear_error();
  691. }
  692. }
  693. ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
  694. return 0;
  695. }
  696. int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
  697. unsigned char *pass, ossl_ssize_t passlen)
  698. {
  699. STACK_OF(CMS_RecipientInfo) *ris;
  700. CMS_RecipientInfo *ri;
  701. int i, r;
  702. ris = CMS_get0_RecipientInfos(cms);
  703. for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
  704. ri = sk_CMS_RecipientInfo_value(ris, i);
  705. if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
  706. continue;
  707. CMS_RecipientInfo_set0_password(ri, pass, passlen);
  708. r = CMS_RecipientInfo_decrypt(cms, ri);
  709. CMS_RecipientInfo_set0_password(ri, NULL, 0);
  710. if (r > 0)
  711. return 1;
  712. }
  713. ERR_raise(ERR_LIB_CMS, CMS_R_NO_MATCHING_RECIPIENT);
  714. return 0;
  715. }
  716. int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
  717. BIO *dcont, BIO *out, unsigned int flags)
  718. {
  719. int r;
  720. BIO *cont;
  721. int nid = OBJ_obj2nid(CMS_get0_type(cms));
  722. if (nid != NID_pkcs7_enveloped
  723. && nid != NID_id_smime_ct_authEnvelopedData) {
  724. ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_ENVELOPED_DATA);
  725. return 0;
  726. }
  727. if (dcont == NULL && !check_content(cms))
  728. return 0;
  729. if (flags & CMS_DEBUG_DECRYPT)
  730. ossl_cms_get0_env_enc_content(cms)->debug = 1;
  731. else
  732. ossl_cms_get0_env_enc_content(cms)->debug = 0;
  733. if (cert == NULL)
  734. ossl_cms_get0_env_enc_content(cms)->havenocert = 1;
  735. else
  736. ossl_cms_get0_env_enc_content(cms)->havenocert = 0;
  737. if (pk == NULL && cert == NULL && dcont == NULL && out == NULL)
  738. return 1;
  739. if (pk != NULL && !CMS_decrypt_set1_pkey(cms, pk, cert))
  740. return 0;
  741. cont = CMS_dataInit(cms, dcont);
  742. if (cont == NULL)
  743. return 0;
  744. r = cms_copy_content(out, cont, flags);
  745. do_free_upto(cont, dcont);
  746. return r;
  747. }
  748. int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
  749. {
  750. BIO *cmsbio;
  751. int ret = 0;
  752. if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
  753. ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB);
  754. return 0;
  755. }
  756. if (!SMIME_crlf_copy(data, cmsbio, flags)) {
  757. goto err;
  758. }
  759. (void)BIO_flush(cmsbio);
  760. if (!CMS_dataFinal(cms, cmsbio)) {
  761. ERR_raise(ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR);
  762. goto err;
  763. }
  764. ret = 1;
  765. err:
  766. do_free_upto(cmsbio, dcont);
  767. return ret;
  768. }
  769. int CMS_final_digest(CMS_ContentInfo *cms,
  770. const unsigned char *md, unsigned int mdlen,
  771. BIO *dcont, unsigned int flags)
  772. {
  773. BIO *cmsbio;
  774. int ret = 0;
  775. if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
  776. ERR_raise(ERR_LIB_CMS, CMS_R_CMS_LIB);
  777. return 0;
  778. }
  779. (void)BIO_flush(cmsbio);
  780. if (!ossl_cms_DataFinal(cms, cmsbio, md, mdlen)) {
  781. ERR_raise(ERR_LIB_CMS, CMS_R_CMS_DATAFINAL_ERROR);
  782. goto err;
  783. }
  784. ret = 1;
  785. err:
  786. do_free_upto(cmsbio, dcont);
  787. return ret;
  788. }
  789. #ifndef OPENSSL_NO_ZLIB
  790. int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
  791. unsigned int flags)
  792. {
  793. BIO *cont;
  794. int r;
  795. if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
  796. ERR_raise(ERR_LIB_CMS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
  797. return 0;
  798. }
  799. if (dcont == NULL && !check_content(cms))
  800. return 0;
  801. cont = CMS_dataInit(cms, dcont);
  802. if (cont == NULL)
  803. return 0;
  804. r = cms_copy_content(out, cont, flags);
  805. do_free_upto(cont, dcont);
  806. return r;
  807. }
  808. CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
  809. {
  810. CMS_ContentInfo *cms;
  811. if (comp_nid <= 0)
  812. comp_nid = NID_zlib_compression;
  813. cms = ossl_cms_CompressedData_create(comp_nid, NULL, NULL);
  814. if (cms == NULL)
  815. return NULL;
  816. if (!(flags & CMS_DETACHED))
  817. CMS_set_detached(cms, 0);
  818. if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
  819. return cms;
  820. CMS_ContentInfo_free(cms);
  821. return NULL;
  822. }
  823. #else
  824. int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
  825. unsigned int flags)
  826. {
  827. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
  828. return 0;
  829. }
  830. CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
  831. {
  832. ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
  833. return NULL;
  834. }
  835. #endif