Diffstat (limited to 'deps/openssl/openssl/crypto/cms')
-rw-r--r-- | deps/openssl/openssl/crypto/cms/Makefile | 305 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/build.info | 5 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms.h | 555 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_asn1.c | 126 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_att.c | 65 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_cd.c | 74 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_dd.c | 84 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_enc.c | 78 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_env.c | 144 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_err.c | 103 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_ess.c | 81 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_io.c | 63 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_kari.c | 111 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_lcl.h | 79 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_lib.c | 133 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_pwri.c | 173 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_sd.c | 194 | ||||
-rw-r--r-- | deps/openssl/openssl/crypto/cms/cms_smime.c | 212 |
18 files changed, 516 insertions, 2069 deletions
diff --git a/deps/openssl/openssl/crypto/cms/Makefile b/deps/openssl/openssl/crypto/cms/Makefile
deleted file mode 100644
index 6f3a832026..0000000000
--- a/deps/openssl/openssl/crypto/cms/Makefile
+++ /dev/null
@@ -1,305 +0,0 @@ -# -# OpenSSL/crypto/cms/Makefile -# - -DIR= cms -TOP= ../.. -CC= cc -INCLUDES= -I.. -I$(TOP) -I../../include -CFLAG=-g -MAKEFILE= Makefile -AR= ar r - -CFLAGS= $(INCLUDES) $(CFLAG) - -GENERAL=Makefile -TEST= -APPS= - -LIB=$(TOP)/libcrypto.a -LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \ - cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \ - cms_pwri.c cms_kari.c -LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \ - cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \ - cms_pwri.o cms_kari.o - -SRC= $(LIBSRC) - -EXHEADER= cms.h -HEADER= cms_lcl.h $(EXHEADER) - -ALL= $(GENERAL) $(SRC) $(HEADER) - -top: - (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all) - -test: - -all: lib - -lib: $(LIBOBJ) - $(AR) $(LIB) $(LIBOBJ) - $(RANLIB) $(LIB) || echo Never mind. - @touch lib - -files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO - -links: - @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) - @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) - @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) - -install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - @headerlist="$(EXHEADER)"; for i in $$headerlist ; \ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ - done; - -tags: - ctags $(SRC) - -tests: - -lint: - lint -DLINT $(INCLUDES) $(SRC)>fluff - -update: depend - -depend: - @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile... - $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC) - -dclean: - $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new - mv -f Makefile.new $(MAKEFILE) - -clean: - rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -# DO NOT DELETE THIS LINE -- make depend depends on it. 
- -cms_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -cms_asn1.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -cms_asn1.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_asn1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_asn1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -cms_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -cms_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -cms_asn1.o: ../../include/openssl/opensslconf.h -cms_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_asn1.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -cms_asn1.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -cms_asn1.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -cms_asn1.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_asn1.o: cms.h cms_asn1.c cms_lcl.h -cms_att.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -cms_att.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -cms_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_att.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_att.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -cms_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h -cms_att.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -cms_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -cms_att.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_att.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_att.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h 
-cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_att.o: cms.h cms_att.c cms_lcl.h -cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h -cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h -cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -cms_cd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -cms_cd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cms_cd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h -cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h -cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h -cms_dd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -cms_dd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -cms_dd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_dd.o: ../../include/openssl/pem.h 
../../include/openssl/pem2.h -cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h -cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h -cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h -cms_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -cms_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -cms_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_enc.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h -cms_env.o: ../../e_os.h ../../include/openssl/aes.h -cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h -cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -cms_env.o: 
../../include/openssl/evp.h ../../include/openssl/lhash.h -cms_env.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -cms_env.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cms_env.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -cms_env.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h -cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h -cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h -cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -cms_err.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -cms_err.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -cms_err.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -cms_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -cms_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cms_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h -cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_err.o: cms_err.c -cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h -cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_ess.o: ../../include/openssl/ecdh.h 
../../include/openssl/ecdsa.h -cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h -cms_ess.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -cms_ess.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -cms_ess.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_ess.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h -cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -cms_io.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -cms_io.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -cms_io.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -cms_io.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -cms_io.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -cms_io.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h -cms_io.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h -cms_io.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -cms_io.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cms_io.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h -cms_io.o: cms_io.c cms_lcl.h -cms_kari.o: ../../e_os.h ../../include/openssl/aes.h -cms_kari.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -cms_kari.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -cms_kari.o: ../../include/openssl/cms.h 
../../include/openssl/conf.h -cms_kari.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -cms_kari.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -cms_kari.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -cms_kari.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -cms_kari.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -cms_kari.o: ../../include/openssl/opensslconf.h -cms_kari.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_kari.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_kari.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -cms_kari.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -cms_kari.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cms_kari.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_kari.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h -cms_kari.o: cms_kari.c cms_lcl.h -cms_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -cms_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -cms_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -cms_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h -cms_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -cms_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -cms_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -cms_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -cms_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -cms_lib.o: ../../include/openssl/x509_vfy.h 
../../include/openssl/x509v3.h -cms_lib.o: cms.h cms_lcl.h cms_lib.c -cms_pwri.o: ../../e_os.h ../../include/openssl/aes.h -cms_pwri.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h -cms_pwri.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h -cms_pwri.o: ../../include/openssl/cms.h ../../include/openssl/conf.h -cms_pwri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h -cms_pwri.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h -cms_pwri.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h -cms_pwri.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h -cms_pwri.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h -cms_pwri.o: ../../include/openssl/opensslconf.h -cms_pwri.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_pwri.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h -cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h -cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h -cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h -cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h -cms_pwri.o: cms_lcl.h cms_pwri.c -cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h -cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -cms_sd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_sd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_sd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -cms_sd.o: ../../include/openssl/err.h ../../include/openssl/evp.h -cms_sd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -cms_sd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h -cms_sd.o: ../../include/openssl/opensslv.h 
../../include/openssl/ossl_typ.h -cms_sd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h -cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c -cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h -cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h -cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h -cms_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h -cms_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h -cms_smime.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h -cms_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h -cms_smime.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h -cms_smime.o: ../../include/openssl/objects.h -cms_smime.o: ../../include/openssl/opensslconf.h -cms_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h -cms_smime.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h -cms_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h -cms_smime.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h -cms_smime.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h -cms_smime.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_smime.c diff --git a/deps/openssl/openssl/crypto/cms/build.info b/deps/openssl/openssl/crypto/cms/build.info new file mode 100644 index 0000000000..cb675436ef --- /dev/null +++ b/deps/openssl/openssl/crypto/cms/build.info 
@@ -0,0 +1,5 @@
+LIBS=../../libcrypto
+SOURCE[../../libcrypto]= \
+ cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
+ cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
+ cms_pwri.c cms_kari.c
diff --git a/deps/openssl/openssl/crypto/cms/cms.h b/deps/openssl/openssl/crypto/cms/cms.h
deleted file mode 100644
index e6c7f964bf..0000000000
--- a/deps/openssl/openssl/crypto/cms/cms.h
+++ /dev/null
@@ -1,555 +0,0 @@ -/* crypto/cms/cms.h */ -/* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - */ - -#ifndef HEADER_CMS_H -# define HEADER_CMS_H - -# include <openssl/x509.h> - -# ifdef OPENSSL_NO_CMS -# error CMS is disabled. -# endif - -#ifdef __cplusplus -extern "C" { -#endif - -typedef struct CMS_ContentInfo_st CMS_ContentInfo; -typedef struct CMS_SignerInfo_st CMS_SignerInfo; -typedef struct CMS_CertificateChoices CMS_CertificateChoices; -typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice; -typedef struct CMS_RecipientInfo_st CMS_RecipientInfo; -typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest; -typedef struct CMS_Receipt_st CMS_Receipt; -typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey; -typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute; - -DECLARE_STACK_OF(CMS_SignerInfo) -DECLARE_STACK_OF(GENERAL_NAMES) -DECLARE_STACK_OF(CMS_RecipientEncryptedKey) -DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo) -DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest) -DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo) - -# define CMS_SIGNERINFO_ISSUER_SERIAL 0 -# define CMS_SIGNERINFO_KEYIDENTIFIER 1 - -# define CMS_RECIPINFO_NONE -1 -# define CMS_RECIPINFO_TRANS 0 -# define CMS_RECIPINFO_AGREE 1 -# define CMS_RECIPINFO_KEK 2 -# define CMS_RECIPINFO_PASS 3 -# define CMS_RECIPINFO_OTHER 4 - -/* S/MIME related flags */ - -# define CMS_TEXT 0x1 -# define CMS_NOCERTS 0x2 -# define CMS_NO_CONTENT_VERIFY 0x4 -# define 
CMS_NO_ATTR_VERIFY 0x8 -# define CMS_NOSIGS \ - (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY) -# define CMS_NOINTERN 0x10 -# define CMS_NO_SIGNER_CERT_VERIFY 0x20 -# define CMS_NOVERIFY 0x20 -# define CMS_DETACHED 0x40 -# define CMS_BINARY 0x80 -# define CMS_NOATTR 0x100 -# define CMS_NOSMIMECAP 0x200 -# define CMS_NOOLDMIMETYPE 0x400 -# define CMS_CRLFEOL 0x800 -# define CMS_STREAM 0x1000 -# define CMS_NOCRL 0x2000 -# define CMS_PARTIAL 0x4000 -# define CMS_REUSE_DIGEST 0x8000 -# define CMS_USE_KEYID 0x10000 -# define CMS_DEBUG_DECRYPT 0x20000 -# define CMS_KEY_PARAM 0x40000 - -const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms); - -BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont); -int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio); - -ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms); -int CMS_is_detached(CMS_ContentInfo *cms); -int CMS_set_detached(CMS_ContentInfo *cms, int detached); - -# ifdef HEADER_PEM_H -DECLARE_PEM_rw_const(CMS, CMS_ContentInfo) -# endif -int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms); -CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms); -int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms); - -BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms); -int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags); -int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, - int flags); -CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont); -int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags); - -int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, - unsigned int flags); - -CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, BIO *data, - unsigned int flags); - -CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, - X509 *signcert, EVP_PKEY *pkey, - STACK_OF(X509) *certs, unsigned int flags); - -int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags); -CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags); - -int 
CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); -CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md, - unsigned int flags); - -int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, - const unsigned char *key, size_t keylen, - BIO *dcont, BIO *out, unsigned int flags); - -CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, - const unsigned char *key, - size_t keylen, unsigned int flags); - -int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph, - const unsigned char *key, size_t keylen); - -int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags); - -int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms, - STACK_OF(X509) *certs, - X509_STORE *store, unsigned int flags); - -STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms); - -CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in, - const EVP_CIPHER *cipher, unsigned int flags); - -int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, - BIO *dcont, BIO *out, unsigned int flags); - -int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert); -int CMS_decrypt_set1_key(CMS_ContentInfo *cms, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen); -int CMS_decrypt_set1_password(CMS_ContentInfo *cms, - unsigned char *pass, ossl_ssize_t passlen); - -STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms); -int CMS_RecipientInfo_type(CMS_RecipientInfo *ri); -EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri); -CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher); -CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, - X509 *recip, unsigned int flags); -int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey); -int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert); -int 
CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, - EVP_PKEY **pk, X509 **recip, - X509_ALGOR **palg); -int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, - ASN1_INTEGER **sno); - -CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, - unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen, - ASN1_GENERALIZEDTIME *date, - ASN1_OBJECT *otherTypeId, - ASN1_TYPE *otherType); - -int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, - X509_ALGOR **palg, - ASN1_OCTET_STRING **pid, - ASN1_GENERALIZEDTIME **pdate, - ASN1_OBJECT **potherid, - ASN1_TYPE **pothertype); - -int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, - unsigned char *key, size_t keylen); - -int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, - const unsigned char *id, size_t idlen); - -int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, - unsigned char *pass, - ossl_ssize_t passlen); - -CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, - int iter, int wrap_nid, - int pbe_nid, - unsigned char *pass, - ossl_ssize_t passlen, - const EVP_CIPHER *kekciph); - -int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); -int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri); - -int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, - unsigned int flags); -CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags); - -int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid); -const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms); - -CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms); -int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert); -int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert); -STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms); - -CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms); -int CMS_add0_crl(CMS_ContentInfo *cms, 
X509_CRL *crl); -int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl); -STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms); - -int CMS_SignedData_init(CMS_ContentInfo *cms); -CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, - X509 *signer, EVP_PKEY *pk, const EVP_MD *md, - unsigned int flags); -EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si); -EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si); -STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms); - -void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer); -int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, - ASN1_OCTET_STRING **keyid, - X509_NAME **issuer, ASN1_INTEGER **sno); -int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert); -int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs, - unsigned int flags); -void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, - X509 **signer, X509_ALGOR **pdig, - X509_ALGOR **psig); -ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si); -int CMS_SignerInfo_sign(CMS_SignerInfo *si); -int CMS_SignerInfo_verify(CMS_SignerInfo *si); -int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain); - -int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs); -int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, - int algnid, int keysize); -int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap); - -int CMS_signed_get_attr_count(const CMS_SignerInfo *si); -int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, - int lastpos); -int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, - int lastpos); -X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc); -X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc); -int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr); -int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, - const ASN1_OBJECT *obj, int type, - const void *bytes, 
int len);
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len);
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len);
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type);
-
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
- int lastpos);
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
- int lastpos);
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
- const ASN1_OBJECT *obj, int type,
- const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
- int nid, int type,
- const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
- const char *attrname, int type,
- const void *bytes, int len);
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
- int lastpos, int type);
-
-# ifdef HEADER_X509V3_H
-
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
- int allorfirst,
- STACK_OF(GENERAL_NAMES)
- *receiptList, STACK_OF(GENERAL_NAMES)
- *receiptsTo);
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
- ASN1_STRING **pcid,
- int *pallorfirst,
- STACK_OF(GENERAL_NAMES) **plist,
- STACK_OF(GENERAL_NAMES) **prto);
-# endif
-int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
- X509_ALGOR **palg,
- ASN1_OCTET_STRING **pukm);
-STACK_OF(CMS_RecipientEncryptedKey)
-*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
-
-int
CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
- X509_ALGOR **pubalg,
- ASN1_BIT_STRING **pubkey,
- ASN1_OCTET_STRING **keyid,
- X509_NAME **issuer,
- ASN1_INTEGER **sno);
-
-int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
-
-int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
- ASN1_OCTET_STRING **keyid,
- ASN1_GENERALIZEDTIME **tm,
- CMS_OtherKeyAttribute **other,
- X509_NAME **issuer, ASN1_INTEGER **sno);
-int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
- X509 *cert);
-int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
-EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
-int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
- CMS_RecipientInfo *ri,
- CMS_RecipientEncryptedKey *rek);
-
-int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
- ASN1_OCTET_STRING *ukm, int keylen);
-
-/* BEGIN ERROR CODES */
-/*
- * The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_CMS_strings(void);
-
-/* Error codes for the CMS functions. */
-
-/* Function codes.
*/ -# define CMS_F_CHECK_CONTENT 99 -# define CMS_F_CMS_ADD0_CERT 164 -# define CMS_F_CMS_ADD0_RECIPIENT_KEY 100 -# define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD 165 -# define CMS_F_CMS_ADD1_RECEIPTREQUEST 158 -# define CMS_F_CMS_ADD1_RECIPIENT_CERT 101 -# define CMS_F_CMS_ADD1_SIGNER 102 -# define CMS_F_CMS_ADD1_SIGNINGTIME 103 -# define CMS_F_CMS_COMPRESS 104 -# define CMS_F_CMS_COMPRESSEDDATA_CREATE 105 -# define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO 106 -# define CMS_F_CMS_COPY_CONTENT 107 -# define CMS_F_CMS_COPY_MESSAGEDIGEST 108 -# define CMS_F_CMS_DATA 109 -# define CMS_F_CMS_DATAFINAL 110 -# define CMS_F_CMS_DATAINIT 111 -# define CMS_F_CMS_DECRYPT 112 -# define CMS_F_CMS_DECRYPT_SET1_KEY 113 -# define CMS_F_CMS_DECRYPT_SET1_PASSWORD 166 -# define CMS_F_CMS_DECRYPT_SET1_PKEY 114 -# define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX 115 -# define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO 116 -# define CMS_F_CMS_DIGESTEDDATA_DO_FINAL 117 -# define CMS_F_CMS_DIGEST_VERIFY 118 -# define CMS_F_CMS_ENCODE_RECEIPT 161 -# define CMS_F_CMS_ENCRYPT 119 -# define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO 120 -# define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT 121 -# define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT 122 -# define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY 123 -# define CMS_F_CMS_ENVELOPEDDATA_CREATE 124 -# define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO 125 -# define CMS_F_CMS_ENVELOPED_DATA_INIT 126 -# define CMS_F_CMS_ENV_ASN1_CTRL 171 -# define CMS_F_CMS_FINAL 127 -# define CMS_F_CMS_GET0_CERTIFICATE_CHOICES 128 -# define CMS_F_CMS_GET0_CONTENT 129 -# define CMS_F_CMS_GET0_ECONTENT_TYPE 130 -# define CMS_F_CMS_GET0_ENVELOPED 131 -# define CMS_F_CMS_GET0_REVOCATION_CHOICES 132 -# define CMS_F_CMS_GET0_SIGNED 133 -# define CMS_F_CMS_MSGSIGDIGEST_ADD1 162 -# define CMS_F_CMS_RECEIPTREQUEST_CREATE0 159 -# define CMS_F_CMS_RECEIPT_VERIFY 160 -# define CMS_F_CMS_RECIPIENTINFO_DECRYPT 134 -# define CMS_F_CMS_RECIPIENTINFO_ENCRYPT 169 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT 178 -# define 
CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG 175 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID 173 -# define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS 172 -# define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP 174 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT 135 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT 136 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID 137 -# define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP 138 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP 139 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT 140 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT 141 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS 142 -# define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID 143 -# define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT 167 -# define CMS_F_CMS_RECIPIENTINFO_SET0_KEY 144 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD 168 -# define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY 145 -# define CMS_F_CMS_SD_ASN1_CTRL 170 -# define CMS_F_CMS_SET1_IAS 176 -# define CMS_F_CMS_SET1_KEYID 177 -# define CMS_F_CMS_SET1_SIGNERIDENTIFIER 146 -# define CMS_F_CMS_SET_DETACHED 147 -# define CMS_F_CMS_SIGN 148 -# define CMS_F_CMS_SIGNED_DATA_INIT 149 -# define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN 150 -# define CMS_F_CMS_SIGNERINFO_SIGN 151 -# define CMS_F_CMS_SIGNERINFO_VERIFY 152 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CERT 153 -# define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT 154 -# define CMS_F_CMS_SIGN_RECEIPT 163 -# define CMS_F_CMS_STREAM 155 -# define CMS_F_CMS_UNCOMPRESS 156 -# define CMS_F_CMS_VERIFY 157 - -/* Reason codes. 
*/ -# define CMS_R_ADD_SIGNER_ERROR 99 -# define CMS_R_CERTIFICATE_ALREADY_PRESENT 175 -# define CMS_R_CERTIFICATE_HAS_NO_KEYID 160 -# define CMS_R_CERTIFICATE_VERIFY_ERROR 100 -# define CMS_R_CIPHER_INITIALISATION_ERROR 101 -# define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR 102 -# define CMS_R_CMS_DATAFINAL_ERROR 103 -# define CMS_R_CMS_LIB 104 -# define CMS_R_CONTENTIDENTIFIER_MISMATCH 170 -# define CMS_R_CONTENT_NOT_FOUND 105 -# define CMS_R_CONTENT_TYPE_MISMATCH 171 -# define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA 106 -# define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA 107 -# define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA 108 -# define CMS_R_CONTENT_VERIFY_ERROR 109 -# define CMS_R_CTRL_ERROR 110 -# define CMS_R_CTRL_FAILURE 111 -# define CMS_R_DECRYPT_ERROR 112 -# define CMS_R_DIGEST_ERROR 161 -# define CMS_R_ERROR_GETTING_PUBLIC_KEY 113 -# define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE 114 -# define CMS_R_ERROR_SETTING_KEY 115 -# define CMS_R_ERROR_SETTING_RECIPIENTINFO 116 -# define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH 117 -# define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER 176 -# define CMS_R_INVALID_KEY_LENGTH 118 -# define CMS_R_MD_BIO_INIT_ERROR 119 -# define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH 120 -# define CMS_R_MESSAGEDIGEST_WRONG_LENGTH 121 -# define CMS_R_MSGSIGDIGEST_ERROR 172 -# define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE 162 -# define CMS_R_MSGSIGDIGEST_WRONG_LENGTH 163 -# define CMS_R_NEED_ONE_SIGNER 164 -# define CMS_R_NOT_A_SIGNED_RECEIPT 165 -# define CMS_R_NOT_ENCRYPTED_DATA 122 -# define CMS_R_NOT_KEK 123 -# define CMS_R_NOT_KEY_AGREEMENT 181 -# define CMS_R_NOT_KEY_TRANSPORT 124 -# define CMS_R_NOT_PWRI 177 -# define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 125 -# define CMS_R_NO_CIPHER 126 -# define CMS_R_NO_CONTENT 127 -# define CMS_R_NO_CONTENT_TYPE 173 -# define CMS_R_NO_DEFAULT_DIGEST 128 -# define CMS_R_NO_DIGEST_SET 129 -# define CMS_R_NO_KEY 130 -# define CMS_R_NO_KEY_OR_CERT 174 -# define CMS_R_NO_MATCHING_DIGEST 131 -# define 
CMS_R_NO_MATCHING_RECIPIENT 132 -# define CMS_R_NO_MATCHING_SIGNATURE 166 -# define CMS_R_NO_MSGSIGDIGEST 167 -# define CMS_R_NO_PASSWORD 178 -# define CMS_R_NO_PRIVATE_KEY 133 -# define CMS_R_NO_PUBLIC_KEY 134 -# define CMS_R_NO_RECEIPT_REQUEST 168 -# define CMS_R_NO_SIGNERS 135 -# define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 136 -# define CMS_R_RECEIPT_DECODE_ERROR 169 -# define CMS_R_RECIPIENT_ERROR 137 -# define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND 138 -# define CMS_R_SIGNFINAL_ERROR 139 -# define CMS_R_SMIME_TEXT_ERROR 140 -# define CMS_R_STORE_INIT_ERROR 141 -# define CMS_R_TYPE_NOT_COMPRESSED_DATA 142 -# define CMS_R_TYPE_NOT_DATA 143 -# define CMS_R_TYPE_NOT_DIGESTED_DATA 144 -# define CMS_R_TYPE_NOT_ENCRYPTED_DATA 145 -# define CMS_R_TYPE_NOT_ENVELOPED_DATA 146 -# define CMS_R_UNABLE_TO_FINALIZE_CONTEXT 147 -# define CMS_R_UNKNOWN_CIPHER 148 -# define CMS_R_UNKNOWN_DIGEST_ALGORIHM 149 -# define CMS_R_UNKNOWN_ID 150 -# define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM 151 -# define CMS_R_UNSUPPORTED_CONTENT_TYPE 152 -# define CMS_R_UNSUPPORTED_KEK_ALGORITHM 153 -# define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM 179 -# define CMS_R_UNSUPPORTED_RECIPIENT_TYPE 154 -# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE 155 -# define CMS_R_UNSUPPORTED_TYPE 156 -# define CMS_R_UNWRAP_ERROR 157 -# define CMS_R_UNWRAP_FAILURE 180 -# define CMS_R_VERIFICATION_FAILURE 158 -# define CMS_R_WRAP_ERROR 159 - -#ifdef __cplusplus -} -#endif -#endif diff --git a/deps/openssl/openssl/crypto/cms/cms_asn1.c b/deps/openssl/openssl/crypto/cms/cms_asn1.c index 81a3407f12..0a594f41d9 100644 --- a/deps/openssl/openssl/crypto/cms/cms_asn1.c +++ b/deps/openssl/openssl/crypto/cms/cms_asn1.c 
@@ -1,61 +1,16 @@ -/* crypto/cms/cms_asn1.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> -#include "cms.h" +#include <openssl/cms.h> #include "cms_lcl.h" @@ -67,7 +22,7 @@ ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = { ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT), ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) -} ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) +} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) ASN1_CHOICE(CMS_CertificateChoices) = { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), 
@@ -80,12 +35,12 @@ ASN1_CHOICE(CMS_CertificateChoices) = { ASN1_CHOICE(CMS_SignerIdentifier) = { ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) -} ASN1_CHOICE_END(CMS_SignerIdentifier) +} static_ASN1_CHOICE_END(CMS_SignerIdentifier) ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) -} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) +} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) /* Minor tweak to operation: free up signer key, cert */ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, @@ -93,12 +48,9 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, { if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; - if (si->pkey) - EVP_PKEY_free(si->pkey); - if (si->signer) - X509_free(si->signer); - if (si->pctx) - EVP_MD_CTX_cleanup(&si->mctx); + EVP_PKEY_free(si->pkey); + X509_free(si->signer); + EVP_MD_CTX_free(si->mctx); } return 1; } @@ -116,7 +68,7 @@ ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = { ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT), ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) -} ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) +} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) ASN1_CHOICE(CMS_RevocationInfoChoice) = { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), 
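Review bot: The comment above cms_si_cb still reads "free up signer key, cert", but the new body also releases the digest context with `EVP_MD_CTX_free(si->mctx)`, and it does so unconditionally where the old code only cleaned up when `si->pctx` was set. I would update it to `/* Minor tweak to operation: free up signer key, cert and digest context */`. `si->pctx` is no longer referenced in this callback at all; that is only correct if the key context is released together with `si->mctx`, which is worth confirming because it is not visible in this hunk. The function's signature starts outside the hunk.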
@@ -135,13 +87,13 @@ ASN1_NDEF_SEQUENCE(CMS_SignedData) = { ASN1_SEQUENCE(CMS_OriginatorInfo) = { ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0), ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) -} ASN1_SEQUENCE_END(CMS_OriginatorInfo) +} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = { ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT), ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR), ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0) -} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) +} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo) ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = { ASN1_SIMPLE(CMS_KeyTransRecipientInfo, version, LONG), @@ -164,15 +116,14 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = { ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) -} ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) +} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; if (operation == ASN1_OP_FREE_POST) { - if (rek->pkey) - EVP_PKEY_free(rek->pkey); + EVP_PKEY_free(rek->pkey); } return 1; } 
@@ -191,20 +142,21 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber), ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0), ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) -} ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) +} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; if (operation == ASN1_OP_NEW_POST) { - EVP_CIPHER_CTX_init(&kari->ctx); - EVP_CIPHER_CTX_set_flags(&kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); + kari->ctx = EVP_CIPHER_CTX_new(); + if (kari->ctx == NULL) + return 0; + EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); kari->pctx = NULL; } else if (operation == ASN1_OP_FREE_POST) { - if (kari->pctx) - EVP_PKEY_CTX_free(kari->pctx); - EVP_CIPHER_CTX_cleanup(&kari->ctx); + EVP_PKEY_CTX_free(kari->pctx); + EVP_CIPHER_CTX_free(kari->ctx); } return 1; } @@ -221,7 +173,7 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = { ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING), ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME), ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) -} ASN1_SEQUENCE_END(CMS_KEKIdentifier) +} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { ASN1_SIMPLE(CMS_KEKRecipientInfo, version, LONG), @@ -240,7 +192,7 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT), ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) -} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) +} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) /* Free up RecipientInfo additional data */ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, 
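Review bot: In the ASN1_OP_NEW_POST branch of cms_kari_cb the new early `return 0` on a failed `EVP_CIPHER_CTX_new()` sits before `kari->pctx = NULL;`, so on that path the callback leaves `pctx` exactly as it found it. If the half-built object is then torn down through the ASN1_OP_FREE_POST branch, `EVP_PKEY_CTX_free(kari->pctx)` is only safe when the structure was zero-filled by whatever allocated it, and that is not shown here. Moving `kari->pctx = NULL;` ahead of the allocation removes the dependency and costs nothing. The same branch could also carry a short comment that returning 0 makes the enclosing allocation fail.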
@@ -250,24 +202,15 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; if (ri->type == CMS_RECIPINFO_TRANS) { CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; - if (ktri->pkey) - EVP_PKEY_free(ktri->pkey); - if (ktri->recip) - X509_free(ktri->recip); - if (ktri->pctx) - EVP_PKEY_CTX_free(ktri->pctx); + EVP_PKEY_free(ktri->pkey); + X509_free(ktri->recip); + EVP_PKEY_CTX_free(ktri->pctx); } else if (ri->type == CMS_RECIPINFO_KEK) { CMS_KEKRecipientInfo *kekri = ri->d.kekri; - if (kekri->key) { - OPENSSL_cleanse(kekri->key, kekri->keylen); - OPENSSL_free(kekri->key); - } + OPENSSL_clear_free(kekri->key, kekri->keylen); } else if (ri->type == CMS_RECIPINFO_PASS) { CMS_PasswordRecipientInfo *pwri = ri->d.pwri; - if (pwri->pass) { - OPENSSL_cleanse(pwri->pass, pwri->passlen); - OPENSSL_free(pwri->pass); - } + OPENSSL_clear_free(pwri->pass, pwri->passlen); } } return 1; @@ -312,7 +255,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2), ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING), ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) -} ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) +} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { ASN1_SIMPLE(CMS_CompressedData, version, LONG), @@ -349,6 +292,7 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, case ASN1_OP_STREAM_PRE: if (CMS_stream(&sarg->boundary, cms) <= 0) return 0; + /* fall thru */ case ASN1_OP_DETACHED_PRE: sarg->ndef_bio = CMS_dataInit(cms, sarg->out); if (!sarg->ndef_bio) 
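Review bot: The KEK and password branches of cms_ri_cb now rely on `OPENSSL_clear_free()` both wiping the buffer and tolerating a NULL pointer, and nothing in the code says that these two buffers hold secret material. A one-line comment such as `/* key material: wiped before release, NULL is accepted */` above each call would keep a later cleanup from replacing them with a plain free. The wipe covers exactly `kekri->keylen` and `pwri->passlen` bytes, so those fields have to match the allocated size; they are set elsewhere and cannot be checked from this hunk. The start of cms_ri_cb is outside the hunk.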
@@ -396,7 +340,7 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify) ASN1_CHOICE(CMS_ReceiptsFrom) = { ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0), ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) -} ASN1_CHOICE_END(CMS_ReceiptsFrom) +} static_ASN1_CHOICE_END(CMS_ReceiptsFrom) ASN1_SEQUENCE(CMS_ReceiptRequest) = { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), @@ -426,7 +370,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = { ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR), ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0), ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), -} ASN1_SEQUENCE_END(CMS_SharedInfo) +} static_ASN1_SEQUENCE_END(CMS_SharedInfo) int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) diff --git a/deps/openssl/openssl/crypto/cms/cms_att.c b/deps/openssl/openssl/crypto/cms/cms_att.c index f79a49d518..664e64971b 100644 --- a/deps/openssl/openssl/crypto/cms/cms_att.c +++ b/deps/openssl/openssl/crypto/cms/cms_att.c 
@@ -1,62 +1,17 @@ -/* crypto/cms/cms_att.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/err.h> -#include "cms.h" +#include <openssl/cms.h> #include "cms_lcl.h" /* CMS SignedData Attribute utilities */ @@ -71,7 +26,7 @@ int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos) return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos); } -int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, +int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj, int lastpos) { return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos); 
@@ -120,7 +75,7 @@ int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, return 0; } -void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, +void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid, int lastpos, int type) { return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type); @@ -137,8 +92,8 @@ int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos); } -int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj, - int lastpos) +int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, + const ASN1_OBJECT *obj, int lastpos) { return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos); } diff --git a/deps/openssl/openssl/crypto/cms/cms_cd.c b/deps/openssl/openssl/crypto/cms/cms_cd.c index aa3238f584..f05e308418 100644 --- a/deps/openssl/openssl/crypto/cms/cms_cd.c +++ b/deps/openssl/openssl/crypto/cms/cms_cd.c 
@@ -1,71 +1,22 @@ -/* crypto/cms/cms_cd.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/err.h> #include <openssl/cms.h> #include <openssl/bio.h> -#ifndef OPENSSL_NO_COMP -# include <openssl/comp.h> -#endif +#include <openssl/comp.h> #include "cms_lcl.h" -DECLARE_ASN1_ITEM(CMS_CompressedData) - #ifdef ZLIB /* CMS CompressedData Utilities */ 
@@ -84,12 +35,12 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid) return NULL; } cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) return NULL; cd = M_ASN1_new_of(CMS_CompressedData); - if (!cd) + if (cd == NULL) goto err; cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData); @@ -105,17 +56,14 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid) return cms; err: - - if (cms) - CMS_ContentInfo_free(cms); - + CMS_ContentInfo_free(cms); return NULL; } BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms) { CMS_CompressedData *cd; - ASN1_OBJECT *compoid; + const ASN1_OBJECT *compoid; if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) { CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA); diff --git a/deps/openssl/openssl/crypto/cms/cms_dd.c b/deps/openssl/openssl/crypto/cms/cms_dd.c index 23e9f2d3a4..5da6802fcd 100644 --- a/deps/openssl/openssl/crypto/cms/cms_dd.c +++ b/deps/openssl/openssl/crypto/cms/cms_dd.c 
@@ -1,58 +1,13 @@ -/* crypto/cms/cms_dd.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> @@ -60,8 +15,6 @@ #include <openssl/cms.h> #include "cms_lcl.h" -DECLARE_ASN1_ITEM(CMS_DigestedData) - /* CMS DigestedData Utilities */ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) @@ -69,12 +22,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) CMS_ContentInfo *cms; CMS_DigestedData *dd; cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) return NULL; dd = M_ASN1_new_of(CMS_DigestedData); - if (!dd) + if (dd == NULL) goto err; cms->contentType = OBJ_nid2obj(NID_pkcs7_digest); 
@@ -83,15 +36,12 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md) dd->version = 0; dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data); - cms_DigestAlgorithm_set(dd->digestAlgorithm, md); + X509_ALGOR_set_md(dd->digestAlgorithm, md); return cms; err: - - if (cms) - CMS_ContentInfo_free(cms); - + CMS_ContentInfo_free(cms); return NULL; } @@ -104,19 +54,23 @@ BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms) int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; int r = 0; CMS_DigestedData *dd; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE); + goto err; + } dd = cms->d.digestedData; - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, dd->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0) + if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0) goto err; if (verify) { @@ -138,7 +92,7 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify) } err: - EVP_MD_CTX_cleanup(&mctx); + EVP_MD_CTX_free(mctx); return r; diff --git a/deps/openssl/openssl/crypto/cms/cms_enc.c b/deps/openssl/openssl/crypto/cms/cms_enc.c index 90b1fcc750..ed913426bc 100644 --- a/deps/openssl/openssl/crypto/cms/cms_enc.c +++ b/deps/openssl/openssl/crypto/cms/cms_enc.c 
@@ -1,58 +1,13 @@ -/* crypto/cms/cms_enc.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> @@ -63,8 +18,6 @@ /* CMS EncryptedData Utilities */ -DECLARE_ASN1_ITEM(CMS_EncryptedData) - /* Return BIO based on EncryptedContentInfo and key */ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) @@ -84,7 +37,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) enc = ec->cipher ? 1 : 0; b = BIO_new(BIO_f_cipher()); - if (!b) { + if (b == NULL) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); return NULL; } 
@@ -132,7 +85,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) /* Generate random session key */ if (!enc || !ec->key) { tkey = OPENSSL_malloc(tkeylen); - if (!tkey) { + if (tkey == NULL) { CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE); goto err; } @@ -164,8 +117,7 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) goto err; } else { /* Use random key */ - OPENSSL_cleanse(ec->key, ec->keylen); - OPENSSL_free(ec->key); + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = tkey; ec->keylen = tkeylen; tkey = NULL; @@ -199,15 +151,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec) ok = 1; err: - if (ec->key && (!keep_key || !ok)) { - OPENSSL_cleanse(ec->key, ec->keylen); - OPENSSL_free(ec->key); + if (!keep_key || !ok) { + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = NULL; } - if (tkey) { - OPENSSL_cleanse(tkey, tkeylen); - OPENSSL_free(tkey); - } + OPENSSL_clear_free(tkey, tkeylen); if (ok) return b; BIO_free(b); @@ -221,7 +169,7 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, ec->cipher = cipher; if (key) { ec->key = OPENSSL_malloc(keylen); - if (!ec->key) + if (ec->key == NULL) return 0; memcpy(ec->key, key, keylen); } diff --git a/deps/openssl/openssl/crypto/cms/cms_env.c b/deps/openssl/openssl/crypto/cms/cms_env.c index 93c06cb00a..8d45943530 100644 --- a/deps/openssl/openssl/crypto/cms/cms_env.c +++ b/deps/openssl/openssl/crypto/cms/cms_env.c 
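Review bot: In the `err:` path of cms_EncryptedContent_init_bio (hunk `@@ -199,15 +151,11 @@`), `ec->key` is cleared and set to NULL but `ec->keylen` keeps its old value, so the structure can be left describing a key of non-zero length that no longer exists. The matching cleanup in cms_EnvelopedData_init_bio (cms_env.c, `@@ -944,12 +875,9 @@`) resets both fields; I would add `ec->keylen = 0;` after `ec->key = NULL;` here for the same reason. Dropping the `ec->key &&` and `if (tkey)` guards depends on OPENSSL_clear_free accepting NULL, which deserves a one-line comment such as `/* OPENSSL_clear_free() is a no-op on NULL */`. The function body starts before this hunk.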
@@ -1,77 +1,25 @@ -/* crypto/cms/cms_env.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/err.h> #include <openssl/cms.h> -#include <openssl/rand.h> #include <openssl/aes.h> #include "cms_lcl.h" -#include "asn1_locl.h" +#include "internal/asn1_int.h" +#include "internal/evp_int.h" /* CMS EnvelopedData Utilities */ -DECLARE_ASN1_ITEM(CMS_EnvelopedData) -DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) -DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) -DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) - -DECLARE_STACK_OF(CMS_RecipientInfo) - CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { @@ -158,18 +106,17 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher) CMS_ContentInfo *cms; CMS_EnvelopedData *env; cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) goto merr; env = cms_enveloped_data_init(cms); - if (!env) + if (env == NULL) goto merr; if (!cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, 0)) goto merr; return cms; merr: - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE); return NULL; } @@ -207,14 +154,15 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype)) return 0; - CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509); - CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); + X509_up_ref(recip); + EVP_PKEY_up_ref(pk); + ktri->pkey = pk; ktri->recip = recip; if (flags & CMS_KEY_PARAM) { ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); - if (!ktri->pctx) + if (ktri->pctx == NULL) return 0; if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) return 0; 
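Review bot: The results of `X509_up_ref(recip)` and `EVP_PKEY_up_ref(pk)` in cms_RecipientInfo_ktri_init (hunk `@@ -207,14 +154,15 @@`) are discarded, yet `ktri->pkey` and `ktri->recip` are assigned as if both references had been taken. Both calls return 1 on success and 0 on failure; if either fails, the RecipientInfo holds a pointer it does not own, and freeing the ktri later would presumably drop a reference that belongs to another holder. I would check them before the two assignments, e.g. `if (!X509_up_ref(recip)) return 0;` followed by `if (!EVP_PKEY_up_ref(pk)) { X509_free(recip); return 0; }`. The function begins before this hunk and continues after it, so how the caller unwinds on a 0 return should be confirmed there.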
@@ -242,7 +190,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, if (!ri) goto merr; - pk = X509_get_pubkey(recip); + pk = X509_get0_pubkey(recip); if (!pk) { CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY); goto err; @@ -270,17 +218,12 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri)) goto merr; - EVP_PKEY_free(pk); - return ri; merr: CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE); err: - if (ri) - M_ASN1_free_of(ri, CMS_RecipientInfo); - if (pk) - EVP_PKEY_free(pk); + M_ASN1_free_of(ri, CMS_RecipientInfo); return NULL; } @@ -370,7 +313,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, goto err; } else { pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL); - if (!pctx) + if (pctx == NULL) return 0; if (EVP_PKEY_encrypt_init(pctx) <= 0) @@ -402,12 +345,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, ret = 1; err: - if (pctx) { - EVP_PKEY_CTX_free(pctx); - ktri->pctx = NULL; - } - if (ek) - OPENSSL_free(ek); + EVP_PKEY_CTX_free(pctx); + ktri->pctx = NULL; + OPENSSL_free(ek); return ret; } @@ -431,7 +371,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, } ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL); - if (!ktri->pctx) + if (ktri->pctx == NULL) return 0; if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) @@ -467,20 +407,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, ret = 1; - if (ec->key) { - OPENSSL_cleanse(ec->key, ec->keylen); - OPENSSL_free(ec->key); - } - + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = ek; ec->keylen = eklen; err: - if (ktri->pctx) { - EVP_PKEY_CTX_free(ktri->pctx); - ktri->pctx = NULL; - } - if (!ret && ek) + EVP_PKEY_CTX_free(ktri->pctx); + ktri->pctx = NULL; + if (!ret) OPENSSL_free(ek); return ret; 
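Review bot: `pk` in CMS_add1_recipient_cert is now a borrowed pointer from `X509_get0_pubkey(recip)`, and nothing at the call site or at the `err:` label (hunk `@@ -270,17 +218,12 @@`) says so. With both `EVP_PKEY_free(pk)` calls gone, the key stays valid only as long as `recip` does, and any reference kept past this function has to be taken by whoever stores it, which from the `@@ -207,14 +154,15 @@` hunk appears to be cms_RecipientInfo_ktri_init. A short comment at the assignment, `/* borrowed from recip; the callee takes its own reference, do not free */`, would stop a later edit from re-adding the free and releasing a reference this function never held. The code between the two hunks is not shown.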
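Review bot: On the failure path of cms_RecipientInfo_ktri_decrypt (hunk `@@ -467,20 +407,14 @@`), `ek` is released with plain `OPENSSL_free(ek)`, although on success the same buffer becomes `ec->key` and is otherwise wiped with `OPENSSL_clear_free` as key material. If the decrypt call above the hunk wrote any output before failing, that data goes back to the heap uncleansed; `if (!ret) OPENSSL_clear_free(ek, eklen);` closes that, provided `eklen` is always set before `ek` is allocated, which has to be checked in the part of the function outside the hunk. The same applies to `ukey` in cms_RecipientInfo_kekri_decrypt (`@@ -794,7 +727,7 @@`), where `if (!r) OPENSSL_free(ukey);` frees the unwrap buffer without clearing it.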
@@ -619,8 +553,7 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, merr: CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE); err: - if (ri) - M_ASN1_free_of(ri, CMS_RecipientInfo); + M_ASN1_free_of(ri, CMS_RecipientInfo); return NULL; } @@ -703,7 +636,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, wkey = OPENSSL_malloc(ec->keylen + 8); - if (!wkey) { + if (wkey == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -721,7 +654,7 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, err: - if (!r && wkey) + if (!r) OPENSSL_free(wkey); OPENSSL_cleanse(&actx, sizeof(actx)); @@ -773,7 +706,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); - if (!ukey) { + if (ukey == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -794,7 +727,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, err: - if (!r && ukey) + if (!r) OPENSSL_free(ukey); OPENSSL_cleanse(&actx, sizeof(actx)); @@ -832,11 +765,9 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) case CMS_RECIPINFO_KEK: return cms_RecipientInfo_kekri_encrypt(cms, ri); - break; case CMS_RECIPINFO_PASS: return cms_RecipientInfo_pwri_crypt(cms, ri, 1); - break; default: CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT, @@ -901,10 +832,10 @@ static void cms_env_set_version(CMS_EnvelopedData *env) env->version = 2; } } - if (env->version == 2) - return; if (env->originatorInfo || env->unprotectedAttrs) env->version = 2; + if (env->version == 2) + return; env->version = 0; } 
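Review bot: The order of the two tests at the end of cms_env_set_version (hunk `@@ -901,10 +832,10 @@`) is what makes the result correct, and nothing in the code says so: with the `env->version == 2` return placed first, a version 2 assigned for `originatorInfo`/`unprotectedAttrs` is overwritten by the trailing `env->version = 0`. A comment above the first test, `/* must precede the version == 2 early return, or the final reset to 0 wins */`, would keep it from being reordered again. Alternatively the tail can be written so that order cannot matter, by following the first `if` with `else if (env->version != 2) env->version = 0;`. The start of the function is outside the hunk.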
@@ -944,12 +875,9 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) err: ec->cipher = NULL; - if (ec->key) { - OPENSSL_cleanse(ec->key, ec->keylen); - OPENSSL_free(ec->key); - ec->key = NULL; - ec->keylen = 0; - } + OPENSSL_clear_free(ec->key, ec->keylen); + ec->key = NULL; + ec->keylen = 0; if (ok) return ret; BIO_free(ret); diff --git a/deps/openssl/openssl/crypto/cms/cms_err.c b/deps/openssl/openssl/crypto/cms/cms_err.c index 15572ea348..c6df1b5afe 100644 --- a/deps/openssl/openssl/crypto/cms/cms_err.c +++ b/deps/openssl/openssl/crypto/cms/cms_err.c 
@@ -1,62 +1,11 @@ -/* crypto/cms/cms_err.c */ -/* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - /* - * NOTE: this file was auto generated by the mkerr.pl script: any changes - * made to it will be overwritten when the script next updates this file, - * only reason strings will be preserved. + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> @@ -70,7 +19,7 @@ # define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason) static ERR_STRING_DATA CMS_str_functs[] = { - {ERR_FUNC(CMS_F_CHECK_CONTENT), "CHECK_CONTENT"}, + {ERR_FUNC(CMS_F_CHECK_CONTENT), "check_content"}, {ERR_FUNC(CMS_F_CMS_ADD0_CERT), "CMS_add0_cert"}, {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY), "CMS_add0_recipient_key"}, {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD), 
@@ -78,13 +27,13 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST), "CMS_add1_ReceiptRequest"}, {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT), "CMS_add1_recipient_cert"}, {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER), "CMS_add1_signer"}, - {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "CMS_ADD1_SIGNINGTIME"}, + {ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME), "cms_add1_signingTime"}, {ERR_FUNC(CMS_F_CMS_COMPRESS), "CMS_compress"}, {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE), "cms_CompressedData_create"}, {ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO), "cms_CompressedData_init_bio"}, - {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "CMS_COPY_CONTENT"}, - {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "CMS_COPY_MESSAGEDIGEST"}, + {ERR_FUNC(CMS_F_CMS_COPY_CONTENT), "cms_copy_content"}, + {ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST), "cms_copy_messageDigest"}, {ERR_FUNC(CMS_F_CMS_DATA), "CMS_data"}, {ERR_FUNC(CMS_F_CMS_DATAFINAL), "CMS_dataFinal"}, {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"}, 
@@ -109,17 +58,17 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE), "CMS_EnvelopedData_create"}, {ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO), "cms_EnvelopedData_init_bio"}, - {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "CMS_ENVELOPED_DATA_INIT"}, + {ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT), "cms_enveloped_data_init"}, {ERR_FUNC(CMS_F_CMS_ENV_ASN1_CTRL), "cms_env_asn1_ctrl"}, {ERR_FUNC(CMS_F_CMS_FINAL), "CMS_final"}, {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), - "CMS_GET0_CERTIFICATE_CHOICES"}, + "cms_get0_certificate_choices"}, {ERR_FUNC(CMS_F_CMS_GET0_CONTENT), "CMS_get0_content"}, - {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "CMS_GET0_ECONTENT_TYPE"}, + {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE), "cms_get0_econtent_type"}, {ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED), "cms_get0_enveloped"}, {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES), - "CMS_GET0_REVOCATION_CHOICES"}, - {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "CMS_GET0_SIGNED"}, + "cms_get0_revocation_choices"}, + {ERR_FUNC(CMS_F_CMS_GET0_SIGNED), "cms_get0_signed"}, {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1), "cms_msgSigDigest_add1"}, {ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0), "CMS_ReceiptRequest_create0"}, @@ -137,9 +86,9 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP), "CMS_RecipientInfo_kari_orig_id_cmp"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT), - "CMS_RECIPIENTINFO_KEKRI_DECRYPT"}, + "cms_RecipientInfo_kekri_decrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT), - "CMS_RECIPIENTINFO_KEKRI_ENCRYPT"}, + "cms_RecipientInfo_kekri_encrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID), "CMS_RecipientInfo_kekri_get0_id"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP), 
@@ -147,9 +96,9 @@ static ERR_STRING_DATA CMS_str_functs[] = { {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP), "CMS_RecipientInfo_ktri_cert_cmp"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT), - "CMS_RECIPIENTINFO_KTRI_DECRYPT"}, + "cms_RecipientInfo_ktri_decrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT), - "CMS_RECIPIENTINFO_KTRI_ENCRYPT"}, + "cms_RecipientInfo_ktri_encrypt"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS), "CMS_RecipientInfo_ktri_get0_algs"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID), @@ -162,19 +111,19 @@ static ERR_STRING_DATA CMS_str_functs[] = { "CMS_RecipientInfo_set0_password"}, {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY), "CMS_RecipientInfo_set0_pkey"}, - {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "CMS_SD_ASN1_CTRL"}, + {ERR_FUNC(CMS_F_CMS_SD_ASN1_CTRL), "cms_sd_asn1_ctrl"}, {ERR_FUNC(CMS_F_CMS_SET1_IAS), "cms_set1_ias"}, {ERR_FUNC(CMS_F_CMS_SET1_KEYID), "cms_set1_keyid"}, {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER), "cms_set1_SignerIdentifier"}, {ERR_FUNC(CMS_F_CMS_SET_DETACHED), "CMS_set_detached"}, {ERR_FUNC(CMS_F_CMS_SIGN), "CMS_sign"}, - {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "CMS_SIGNED_DATA_INIT"}, + {ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT), "cms_signed_data_init"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN), - "CMS_SIGNERINFO_CONTENT_SIGN"}, + "cms_SignerInfo_content_sign"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN), "CMS_SignerInfo_sign"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY), "CMS_SignerInfo_verify"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), - "CMS_SIGNERINFO_VERIFY_CERT"}, + "cms_signerinfo_verify_cert"}, {ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"}, {ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"}, 
@@ -210,7 +159,6 @@ static ERR_STRING_DATA CMS_str_reasons[] = { {ERR_REASON(CMS_R_CTRL_ERROR), "ctrl error"}, {ERR_REASON(CMS_R_CTRL_FAILURE), "ctrl failure"}, {ERR_REASON(CMS_R_DECRYPT_ERROR), "decrypt error"}, - {ERR_REASON(CMS_R_DIGEST_ERROR), "digest error"}, {ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"}, {ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), "error reading messagedigest attribute"}, @@ -297,7 +245,7 @@ static ERR_STRING_DATA CMS_str_reasons[] = { #endif -void ERR_load_CMS_strings(void) +int ERR_load_CMS_strings(void) { #ifndef OPENSSL_NO_ERR @@ -306,4 +254,5 @@ void ERR_load_CMS_strings(void) ERR_load_strings(0, CMS_str_reasons); } #endif + return 1; } diff --git a/deps/openssl/openssl/crypto/cms/cms_ess.c b/deps/openssl/openssl/crypto/cms/cms_ess.c index 8212560628..4780231c22 100644 --- a/deps/openssl/openssl/crypto/cms/cms_ess.c +++ b/deps/openssl/openssl/crypto/cms/cms_ess.c 
@@ -1,58 +1,13 @@ -/* crypto/cms/cms_ess.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/rand.h> @@ -61,9 +16,6 @@ #include <openssl/cms.h> #include "cms_lcl.h" -DECLARE_ASN1_ITEM(CMS_ReceiptRequest) -DECLARE_ASN1_ITEM(CMS_Receipt) - IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest) /* ESS services: for now just Signed Receipt related */ @@ -100,7 +52,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, CMS_ReceiptRequest *rr = NULL; rr = CMS_ReceiptRequest_new(); - if (!rr) + if (rr == NULL) goto merr; if (id) ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen); 
@@ -128,9 +80,7 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen, CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE); err: - if (rr) - CMS_ReceiptRequest_free(rr); - + CMS_ReceiptRequest_free(rr); return NULL; } @@ -154,8 +104,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr) if (!r) CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE); - if (rrder) - OPENSSL_free(rrder); + OPENSSL_free(rrder); return r; @@ -338,11 +287,8 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms) r = 1; err: - if (rr) - CMS_ReceiptRequest_free(rr); - if (rct) - M_ASN1_free_of(rct, CMS_Receipt); - + CMS_ReceiptRequest_free(rr); + M_ASN1_free_of(rct, CMS_Receipt); return r; } @@ -386,9 +332,6 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si) os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL); err: - if (rr) - CMS_ReceiptRequest_free(rr); - + CMS_ReceiptRequest_free(rr); return os; - } diff --git a/deps/openssl/openssl/crypto/cms/cms_io.c b/deps/openssl/openssl/crypto/cms/cms_io.c index ec51f8e680..d18f980a97 100644 --- a/deps/openssl/openssl/crypto/cms/cms_io.c +++ b/deps/openssl/openssl/crypto/cms/cms_io.c 
@@ -1,73 +1,28 @@ -/* crypto/cms/cms_io.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. 
* - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/asn1t.h> #include <openssl/x509.h> #include <openssl/err.h> #include <openssl/pem.h> -#include "cms.h" +#include <openssl/cms.h> #include "cms_lcl.h" int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms) { ASN1_OCTET_STRING **pos; pos = CMS_get0_content(cms); - if (!pos) + if (pos == NULL) return 0; - if (!*pos) + if (*pos == NULL) *pos = ASN1_OCTET_STRING_new(); - if (*pos) { + if (*pos != NULL) { (*pos)->flags |= ASN1_STRING_FLAG_NDEF; (*pos)->flags &= ~ASN1_STRING_FLAG_CONT; *boundary = &(*pos)->data; diff --git a/deps/openssl/openssl/crypto/cms/cms_kari.c b/deps/openssl/openssl/crypto/cms/cms_kari.c index ee283172d3..3bc46febf6 100644 --- a/deps/openssl/openssl/crypto/cms/cms_kari.c +++ b/deps/openssl/openssl/crypto/cms/cms_kari.c 
@@ -1,72 +1,21 @@ -/* crypto/cms/cms_kari.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2013 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. 
* - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/err.h> #include <openssl/cms.h> -#include <openssl/rand.h> #include <openssl/aes.h> #include "cms_lcl.h" -#include "asn1_locl.h" - -DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) -DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) -DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) -DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) +#include "internal/asn1_int.h" /* Key Agreement Recipient Info (KARI) routines */ 
@@ -207,10 +156,9 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) { EVP_PKEY_CTX *pctx; CMS_KeyAgreeRecipientInfo *kari = ri->d.kari; - if (kari->pctx) { - EVP_PKEY_CTX_free(kari->pctx); - kari->pctx = NULL; - } + + EVP_PKEY_CTX_free(kari->pctx); + kari->pctx = NULL; if (!pk) return 1; pctx = EVP_PKEY_CTX_new(pk, NULL); @@ -219,15 +167,14 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk) kari->pctx = pctx; return 1; err: - if (pctx) - EVP_PKEY_CTX_free(pctx); + EVP_PKEY_CTX_free(pctx); return 0; } EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri) { if (ri->type == CMS_RECIPINFO_AGREE) - return &ri->d.kari->ctx; + return ri->d.kari->ctx; return NULL; } @@ -246,22 +193,22 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, int rv = 0; unsigned char *out = NULL; int outlen; - keklen = EVP_CIPHER_CTX_key_length(&kari->ctx); + keklen = EVP_CIPHER_CTX_key_length(kari->ctx); if (keklen > EVP_MAX_KEY_LENGTH) return 0; /* Derive KEK */ if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0) goto err; /* Set KEK in context */ - if (!EVP_CipherInit_ex(&kari->ctx, NULL, NULL, kek, NULL, enc)) + if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc)) goto err; /* obtain output length of ciphered key */ - if (!EVP_CipherUpdate(&kari->ctx, NULL, &outlen, in, inlen)) + if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen)) goto err; out = OPENSSL_malloc(outlen); - if (!out) + if (out == NULL) goto err; - if (!EVP_CipherUpdate(&kari->ctx, out, &outlen, in, inlen)) + if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen)) goto err; *pout = out; *poutlen = (size_t)outlen; 
@@ -269,9 +216,10 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen, err: OPENSSL_cleanse(kek, keklen); - if (!rv && out) + if (!rv) OPENSSL_free(out); - EVP_CIPHER_CTX_cleanup(&kari->ctx); + EVP_CIPHER_CTX_reset(kari->ctx); + /* FIXME: WHY IS kari->pctx freed here? /RL */ EVP_PKEY_CTX_free(kari->pctx); kari->pctx = NULL; return rv; @@ -295,17 +243,13 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0)) goto err; ec = cms->d.envelopedData->encryptedContentInfo; - if (ec->key) { - OPENSSL_cleanse(ec->key, ec->keylen); - OPENSSL_free(ec->key); - } + OPENSSL_clear_free(ec->key, ec->keylen); ec->key = cek; ec->keylen = ceklen; cek = NULL; rv = 1; err: - if (cek) - OPENSSL_free(cek); + OPENSSL_free(cek); return rv; } @@ -332,10 +276,9 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, kari->pctx = pctx; rv = 1; err: - if (!rv && pctx) + if (!rv) EVP_PKEY_CTX_free(pctx); - if (ekey) - EVP_PKEY_free(ekey); + EVP_PKEY_free(ekey); return rv; } @@ -378,7 +321,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, if (!cms_kari_create_ephemeral_key(kari, pk)) return 0; - CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); + EVP_PKEY_up_ref(pk); rek->pkey = pk; return 1; } @@ -386,7 +329,7 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher) { - EVP_CIPHER_CTX *ctx = &kari->ctx; + EVP_CIPHER_CTX *ctx = kari->ctx; const EVP_CIPHER *kekcipher; int keylen = EVP_CIPHER_key_length(cipher); /* If a suitable wrap algorithm is already set nothing to do */ 
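Review bot: The added `/* FIXME: WHY IS kari->pctx freed here? /RL */` in the cleanup of cms_kek_cipher leaves an open ownership question in key-handling code where a stated contract is needed. The code under `err:` calls `EVP_PKEY_CTX_free(kari->pctx)` and sets `kari->pctx = NULL` without looking at `rv`, and the `if (!rv)` guard just above suggests the success path reaches it too, so the key-agreement context appears to be single-use per wrap or unwrap. Once that is confirmed against the callers, replace the FIXME with a comment such as `/* kari->pctx is consumed by this call: released on success and on failure */` and repeat it in the function's header comment. The start of cms_kek_cipher lies outside this hunk.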
@@ -437,7 +380,7 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, if (!cms_wrap_init(kari, ec->cipher)) return 0; /* - * If no orignator key set up initialise for ephemeral key the public key + * If no originator key set up initialise for ephemeral key the public key * ASN1 structure will set the actual public key value. */ if (kari->originator->type == -1) { diff --git a/deps/openssl/openssl/crypto/cms/cms_lcl.h b/deps/openssl/openssl/crypto/cms/cms_lcl.h index 20f2c25f5a..d0c0e81363 100644 --- a/deps/openssl/openssl/crypto/cms/cms_lcl.h +++ b/deps/openssl/openssl/crypto/cms/cms_lcl.h 
@@ -1,55 +1,10 @@ -/* crypto/cms/cms_lcl.h */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #ifndef HEADER_CMS_LCL_H @@ -109,6 +64,8 @@ struct CMS_ContentInfo_st { } d; }; +DEFINE_STACK_OF(CMS_CertificateChoices) + struct CMS_SignedData_st { long version; STACK_OF(X509_ALGOR) *digestAlgorithms; @@ -137,7 +94,7 @@ struct CMS_SignerInfo_st { X509 *signer; EVP_PKEY *pkey; /* Digest and public key context for alternative parameters */ - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx; EVP_PKEY_CTX *pctx; }; 
@@ -208,7 +165,7 @@ struct CMS_KeyAgreeRecipientInfo_st { /* Public key context associated with current operation */ EVP_PKEY_CTX *pctx; /* Cipher context for CEK wrapping */ - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; }; struct CMS_OriginatorIdentifierOrKey_st { @@ -431,7 +388,6 @@ int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert); CMS_ContentInfo *cms_CompressedData_create(int comp_nid); BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms); -void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md); BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm); int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg); @@ -465,6 +421,23 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, int en_de); +DECLARE_ASN1_ITEM(CMS_CertificateChoices) +DECLARE_ASN1_ITEM(CMS_DigestedData) +DECLARE_ASN1_ITEM(CMS_EncryptedData) +DECLARE_ASN1_ITEM(CMS_EnvelopedData) +DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo) +DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo) +DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo) +DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey) +DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute) +DECLARE_ASN1_ITEM(CMS_Receipt) +DECLARE_ASN1_ITEM(CMS_ReceiptRequest) +DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey) +DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier) +DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) +DECLARE_ASN1_ITEM(CMS_SignedData) +DECLARE_ASN1_ITEM(CMS_CompressedData) + #ifdef __cplusplus } #endif diff --git a/deps/openssl/openssl/crypto/cms/cms_lib.c b/deps/openssl/openssl/crypto/cms/cms_lib.c index 6d27c4969b..7395684b61 100644 --- a/deps/openssl/openssl/crypto/cms/cms_lib.c +++ b/deps/openssl/openssl/crypto/cms/cms_lib.c 
@@ -1,55 +1,10 @@ -/* crypto/cms/cms_lib.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <openssl/asn1t.h> @@ -58,18 +13,13 @@ #include <openssl/pem.h> #include <openssl/bio.h> #include <openssl/asn1.h> -#include "cms.h" +#include <openssl/cms.h> #include "cms_lcl.h" IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo) IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo) -DECLARE_ASN1_ITEM(CMS_CertificateChoices) -DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice) -DECLARE_STACK_OF(CMS_CertificateChoices) -DECLARE_STACK_OF(CMS_RevocationInfoChoice) - -const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms) +const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms) { return cms->contentType; } 
@@ -78,7 +28,7 @@ CMS_ContentInfo *cms_Data_create(void) { CMS_ContentInfo *cms; cms = CMS_ContentInfo_new(); - if (cms) { + if (cms != NULL) { cms->contentType = OBJ_nid2obj(NID_pkcs7_data); /* Never detached */ CMS_set_detached(cms, 0); @@ -159,7 +109,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio) ASN1_OCTET_STRING **pos = CMS_get0_content(cms); if (!pos) return 0; - /* If ebmedded content find memory BIO and set content */ + /* If embedded content find memory BIO and set content */ if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) { BIO *mbio; unsigned char *cont; @@ -314,15 +264,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached) if (!pos) return 0; if (detached) { - if (*pos) { - ASN1_OCTET_STRING_free(*pos); - *pos = NULL; - } + ASN1_OCTET_STRING_free(*pos); + *pos = NULL; return 1; } - if (!*pos) + if (*pos == NULL) *pos = ASN1_OCTET_STRING_new(); - if (*pos) { + if (*pos != NULL) { /* * NB: special flag to show content is created and not read in. */ @@ -333,27 +281,12 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached) return 0; } -/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */ - -void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md) -{ - int param_type; - - if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT) - param_type = V_ASN1_UNDEF; - else - param_type = V_ASN1_NULL; - - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); - -} - /* Create a digest BIO from an X509_ALGOR structure */ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) { BIO *mdbio = NULL; - ASN1_OBJECT *digestoid; + const ASN1_OBJECT *digestoid; const EVP_MD *digest; X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm); digest = EVP_get_digestbyobj(digestoid); 
@@ -363,14 +296,13 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm) goto err; } mdbio = BIO_new(BIO_f_md()); - if (!mdbio || !BIO_set_md(mdbio, digest)) { + if (mdbio == NULL || !BIO_set_md(mdbio, digest)) { CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR); goto err; } return mdbio; err: - if (mdbio) - BIO_free(mdbio); + BIO_free(mdbio); return NULL; } @@ -380,7 +312,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg) { int nid; - ASN1_OBJECT *mdoid; + const ASN1_OBJECT *mdoid; X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg); nid = OBJ_obj2nid(mdoid); /* Look for digest type to match signature */ @@ -477,7 +409,7 @@ int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert) int r; r = CMS_add0_cert(cms, cert); if (r > 0) - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cert); return r; } @@ -539,7 +471,7 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl) int r; r = CMS_add0_crl(cms, crl); if (r > 0) - CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); + X509_CRL_up_ref(crl); return r; } @@ -564,7 +496,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms) sk_X509_pop_free(certs, X509_free); return NULL; } - CRYPTO_add(&cch->d.certificate->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(cch->d.certificate); } } return certs; @@ -592,7 +524,7 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms) sk_X509_CRL_pop_free(crls, X509_CRL_free); return NULL; } - CRYPTO_add(&rch->d.crl->references, 1, CRYPTO_LOCK_X509_CRL); + X509_CRL_up_ref(rch->d.crl); } } return crls; 
@@ -609,10 +541,11 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert) int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert) { - X509_check_purpose(cert, -1, -1); - if (!cert->skid) + const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert); + + if (cert_keyid == NULL) return -1; - return ASN1_OCTET_STRING_cmp(keyid, cert->skid); + return ASN1_OCTET_STRING_cmp(keyid, cert_keyid); } int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) @@ -625,13 +558,11 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) goto err; if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert))) goto err; - if (*pias) - M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); + M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber); *pias = ias; return 1; err: - if (ias) - M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); + M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber); CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE); return 0; } @@ -639,18 +570,18 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert) int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert) { ASN1_OCTET_STRING *keyid = NULL; - X509_check_purpose(cert, -1, -1); - if (!cert->skid) { + const ASN1_OCTET_STRING *cert_keyid; + cert_keyid = X509_get0_subject_key_id(cert); + if (cert_keyid == NULL) { CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID); return 0; } - keyid = ASN1_STRING_dup(cert->skid); + keyid = ASN1_STRING_dup(cert_keyid); if (!keyid) { CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE); return 0; } - if (*pkeyid) - ASN1_OCTET_STRING_free(*pkeyid); + ASN1_OCTET_STRING_free(*pkeyid); *pkeyid = keyid; return 1; } diff --git a/deps/openssl/openssl/crypto/cms/cms_pwri.c b/deps/openssl/openssl/crypto/cms/cms_pwri.c index 5c817caf2f..0571bb8026 100644 --- a/deps/openssl/openssl/crypto/cms/cms_pwri.c +++ b/deps/openssl/openssl/crypto/cms/cms_pwri.c 
@@ -1,58 +1,13 @@ -/* crypto/cms/cms_pwri.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2009 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509v3.h> @@ -61,7 +16,7 @@ #include <openssl/rand.h> #include <openssl/aes.h> #include "cms_lcl.h" -#include "asn1_locl.h" +#include "internal/asn1_int.h" int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass, ossl_ssize_t passlen) 
@@ -90,7 +45,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, CMS_RecipientInfo *ri = NULL; CMS_EnvelopedData *env; CMS_PasswordRecipientInfo *pwri; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx = NULL; X509_ALGOR *encalg = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; int ivlen; @@ -124,19 +79,19 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, if (encalg == NULL) { goto merr; } - EVP_CIPHER_CTX_init(&ctx); + ctx = EVP_CIPHER_CTX_new(); - if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) { + if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); goto err; } - ivlen = EVP_CIPHER_CTX_iv_length(&ctx); + ivlen = EVP_CIPHER_CTX_iv_length(ctx); if (ivlen > 0) { if (RAND_bytes(iv, ivlen) <= 0) goto err; - if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) { + if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB); goto err; } @@ -145,24 +100,25 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE); goto err; } - if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) { + if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) { CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; } } - encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx)); + encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx)); - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; /* Initialize recipient info */ ri = M_ASN1_new_of(CMS_RecipientInfo); - if (!ri) + if (ri == NULL) goto merr; ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo); - if (!ri->d.pwri) + if (ri->d.pwri == NULL) goto merr; ri->type = CMS_RECIPINFO_PASS; 
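Review bot: In the `@@ -124,19 +79,19 @@` hunk of CMS_add0_recipient_password, the result of `ctx = EVP_CIPHER_CTX_new();` goes straight into `EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL)` without a NULL check. The old stack-allocated context could not be missing, so this allocation-failure path is new with the change. Add `if (ctx == NULL) goto merr;` directly after the call so it reports ERR_R_MALLOC_FAILURE like the other allocations in this function. `ctx` is initialised to NULL in the preceding hunk, so the existing cleanup needs no change; the function begins and ends outside this hunk.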
@@ -170,11 +126,11 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, /* Since this is overwritten, free up empty structure already there */ X509_ALGOR_free(pwri->keyEncryptionAlgorithm); pwri->keyEncryptionAlgorithm = X509_ALGOR_new(); - if (!pwri->keyEncryptionAlgorithm) + if (pwri->keyEncryptionAlgorithm == NULL) goto merr; pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid); pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new(); - if (!pwri->keyEncryptionAlgorithm->parameter) + if (pwri->keyEncryptionAlgorithm->parameter == NULL) goto merr; if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR), @@ -204,11 +160,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, merr: CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE); err: - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); if (ri) M_ASN1_free_of(ri, CMS_RecipientInfo); - if (encalg) - X509_ALGOR_free(encalg); + X509_ALGOR_free(encalg); return NULL; } 
@@ -234,24 +189,26 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, return 0; } tmp = OPENSSL_malloc(inlen); - if (!tmp) + if (tmp == NULL) return 0; /* setup IV by decrypting last two blocks */ - EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, - in + inlen - 2 * blocklen, blocklen * 2); - /* - * Do a decrypt of last decrypted block to set IV to correct value output - * it to start of buffer so we don't corrupt decrypted block this works - * because buffer is at least two block lengths long. - */ - EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen); - /* Can now decrypt first n - 1 blocks */ - EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen); - - /* Reset IV to original value */ - EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL); - /* Decrypt again */ - EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen); + if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl, + in + inlen - 2 * blocklen, blocklen * 2) + /* + * Do a decrypt of last decrypted block to set IV to correct value + * output it to start of buffer so we don't corrupt decrypted block + * this works because buffer is at least two block lengths long. + */ + || !EVP_DecryptUpdate(ctx, tmp, &outl, + tmp + inlen - blocklen, blocklen) + /* Can now decrypt first n - 1 blocks */ + || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen) + + /* Reset IV to original value */ + || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL) + /* Decrypt again */ + || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen)) + goto err; /* Check check bytes */ if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) { /* Check byte failure */ @@ -265,8 +222,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen, memcpy(out, tmp + 4, *outlen); rv = 1; err: - OPENSSL_cleanse(tmp, inlen); - OPENSSL_free(tmp); + OPENSSL_clear_free(tmp, inlen); return rv; } 
@@ -304,8 +260,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen, && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0) return 0; /* Encrypt twice */ - EVP_EncryptUpdate(ctx, out, &dummy, out, olen); - EVP_EncryptUpdate(ctx, out, &dummy, out, olen); + if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) + || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen)) + return 0; } *outlen = olen; @@ -320,11 +277,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, { CMS_EncryptedContentInfo *ec; CMS_PasswordRecipientInfo *pwri; - const unsigned char *p = NULL; - int plen; int r = 0; X509_ALGOR *algtmp, *kekalg = NULL; - EVP_CIPHER_CTX kekctx; + EVP_CIPHER_CTX *kekctx = NULL; const EVP_CIPHER *kekcipher; unsigned char *key = NULL; size_t keylen; @@ -332,7 +287,6 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, ec = cms->d.envelopedData->encryptedContentInfo; pwri = ri->d.pwri; - EVP_CIPHER_CTX_init(&kekctx); if (!pwri->pass) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD); @@ -346,11 +300,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, return 0; } - if (algtmp->parameter->type == V_ASN1_SEQUENCE) { - p = algtmp->parameter->value.sequence->data; - plen = algtmp->parameter->value.sequence->length; - kekalg = d2i_X509_ALGOR(NULL, &p, plen); - } + kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), + algtmp->parameter); + if (kekalg == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER); 
@@ -361,14 +313,19 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (!kekcipher) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER); - goto err; + return 0; } + kekctx = EVP_CIPHER_CTX_new(); + if (kekctx == NULL) { + CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); + return 0; + } /* Fixup cipher based on AlgorithmIdentifier to set IV etc */ - if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de)) + if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de)) goto err; - EVP_CIPHER_CTX_set_padding(&kekctx, 0); - if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) { + EVP_CIPHER_CTX_set_padding(kekctx, 0); + if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) < 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR); goto err; @@ -380,7 +337,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass, pwri->passlen, - algtmp->parameter, &kekctx, en_de) < 0) { + algtmp->parameter, kekctx, en_de) < 0) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB); goto err; } 
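Review bot: Both `return 0;` exits in cms_RecipientInfo_pwri_crypt skip the `err:` label that calls `X509_ALGOR_free(kekalg)`: the `!kekcipher` branch, which previously used `goto err`, and the new `kekctx == NULL` branch. kekalg appears to be allocated already by the `ASN1_TYPE_unpack_sequence` call in the preceding hunk, so a parsed message naming an unrecognised KEK cipher would leak one X509_ALGOR per attempt. `kekctx` and `key` are initialised to NULL and the cleanup calls accept NULL, so both branches can use `goto err;` instead. The function starts and ends outside this hunk. As the file sits under deps/openssl, the change belongs upstream rather than in a local patch.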
@@ -389,28 +346,28 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, if (en_de) { - if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx)) + if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx)) goto err; key = OPENSSL_malloc(keylen); - if (!key) + if (key == NULL) goto err; - if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, &kekctx)) + if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx)) goto err; pwri->encryptedKey->data = key; pwri->encryptedKey->length = keylen; } else { key = OPENSSL_malloc(pwri->encryptedKey->length); - if (!key) { + if (key == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); goto err; } if (!kek_unwrap_key(key, &keylen, pwri->encryptedKey->data, - pwri->encryptedKey->length, &kekctx)) { + pwri->encryptedKey->length, kekctx)) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE); goto err; } @@ -424,9 +381,9 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, err: - EVP_CIPHER_CTX_cleanup(&kekctx); + EVP_CIPHER_CTX_free(kekctx); - if (!r && key) + if (!r) OPENSSL_free(key); X509_ALGOR_free(kekalg); diff --git a/deps/openssl/openssl/crypto/cms/cms_sd.c b/deps/openssl/openssl/crypto/cms/cms_sd.c index a41aca8e12..4108fe7082 100644 --- a/deps/openssl/openssl/crypto/cms/cms_sd.c +++ b/deps/openssl/openssl/crypto/cms/cms_sd.c 
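Review bot: In the `en_de` branch, `if (key == NULL) goto err;` after `OPENSSL_malloc(keylen)` returns 0 without queueing an error, while the decrypt branch just below raises `ERR_R_MALLOC_FAILURE` for the same condition. The wrap path should report it too, e.g. `if (key == NULL) { CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE); goto err; }`. The function begins outside this hunk.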
@@ -1,58 +1,13 @@ -/* crypto/cms/cms_sd.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/pem.h> #include <openssl/x509.h> @@ -60,12 +15,11 @@ #include <openssl/err.h> #include <openssl/cms.h> #include "cms_lcl.h" -#include "asn1_locl.h" +#include "internal/asn1_int.h" +#include "internal/evp_int.h" /* CMS SignedData Utilities */ -DECLARE_ASN1_ITEM(CMS_SignedData) - static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms) { if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) { 
@@ -94,7 +48,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms) return cms_get0_signed(cms); } -/* Just initialize SignedData e.g. for certs only structure */ +/* Just initialise SignedData e.g. for certs only structure */ int CMS_SignedData_init(CMS_ContentInfo *cms) { @@ -282,16 +236,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, si = M_ASN1_new_of(CMS_SignerInfo); if (!si) goto merr; + /* Call for side-effect of computing hash and caching extensions */ X509_check_purpose(signer, -1, -1); - CRYPTO_add(&pk->references, 1, CRYPTO_LOCK_EVP_PKEY); - CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); + X509_up_ref(signer); + EVP_PKEY_up_ref(pk); si->pkey = pk; si->signer = signer; - EVP_MD_CTX_init(&si->mctx); + si->mctx = EVP_MD_CTX_new(); si->pctx = NULL; + if (si->mctx == NULL) { + CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); + goto err; + } + if (flags & CMS_USE_KEYID) { si->version = 3; if (sd->version < 3) @@ -321,11 +281,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; } - cms_DigestAlgorithm_set(si->digestAlgorithm, md); + X509_ALGOR_set_md(si->digestAlgorithm, md); /* See if digest is present in digestAlgorithms */ for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) { - ASN1_OBJECT *aoid; + const ASN1_OBJECT *aoid; alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i); X509_ALGOR_get0(&aoid, NULL, NULL, alg); if (OBJ_obj2nid(aoid) == EVP_MD_type(md)) @@ -334,9 +294,9 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) { alg = X509_ALGOR_new(); - if (!alg) + if (alg == NULL) goto merr; - cms_DigestAlgorithm_set(alg, md); + X509_ALGOR_set_md(alg, md); if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) { X509_ALGOR_free(alg); goto merr; 
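Review bot: The results of `X509_up_ref(signer)` and `EVP_PKEY_up_ref(pk)` in CMS_add1_signer are discarded, yet `si->signer` and `si->pkey` are assigned right after. If either call fails, the later `M_ASN1_free_of(si, CMS_SignerInfo)` on the error path would presumably release a reference that was never taken; the free callback is not visible here, so this is inferred. Checking each call before storing the pointer, e.g. `if (!X509_up_ref(signer)) goto err;`, keeps the counts balanced. The function continues beyond this hunk.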
@@ -347,7 +307,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, goto err; if (!(flags & CMS_NOATTR)) { /* - * Initialialize signed attributes strutucture so other attributes + * Initialize signed attributes structure so other attributes * such as signing time etc are added later even if we add none here. */ if (!si->signedAttrs) { @@ -383,13 +343,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, if (flags & CMS_KEY_PARAM) { if (flags & CMS_NOATTR) { si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL); - if (!si->pctx) + if (si->pctx == NULL) goto err; if (EVP_PKEY_sign_init(si->pctx) <= 0) goto err; if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0) goto err; - } else if (EVP_DigestSignInit(&si->mctx, &si->pctx, md, NULL, pk) <= + } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <= 0) goto err; } @@ -404,8 +364,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, merr: CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE); err: - if (si) - M_ASN1_free_of(si, CMS_SignerInfo); + M_ASN1_free_of(si, CMS_SignerInfo); return NULL; } @@ -447,7 +406,7 @@ EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si) EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si) { - return &si->mctx; + return si->mctx; } STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms) @@ -486,13 +445,11 @@ STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms) void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer) { if (signer) { - CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509); - if (si->pkey) - EVP_PKEY_free(si->pkey); + X509_up_ref(signer); + EVP_PKEY_free(si->pkey); si->pkey = X509_get_pubkey(signer); } - if (si->signer) - X509_free(si->signer); + X509_free(si->signer); si->signer = signer; } 
@@ -576,19 +533,23 @@ ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si) static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain) { - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); int r = 0; EVP_PKEY_CTX *pctx = NULL; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); + return 0; + } if (!si->pkey) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY); - return 0; + goto err; } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; - /* Set SignerInfo algortihm details if we used custom parametsr */ + /* Set SignerInfo algorithm details if we used custom parameter */ if (si->pctx && !cms_sd_asn1_ctrl(si, 0)) goto err; @@ -601,7 +562,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, cms->d.signedData->encapContentInfo->eContentType; unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest, V_ASN1_OCTET_STRING, md, mdlen)) 
@@ -618,26 +579,28 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, unsigned char md[EVP_MAX_MD_SIZE]; unsigned int mdlen; pctx = si->pctx; - if (!EVP_DigestFinal_ex(&mctx, md, &mdlen)) + if (!EVP_DigestFinal_ex(mctx, md, &mdlen)) goto err; siglen = EVP_PKEY_size(si->pkey); sig = OPENSSL_malloc(siglen); - if (!sig) { + if (sig == NULL) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } - if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) + if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) { + OPENSSL_free(sig); goto err; + } ASN1_STRING_set0(si->signature, sig, siglen); } else { unsigned char *sig; unsigned int siglen; sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey)); - if (!sig) { + if (sig == NULL) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE); goto err; } - if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) { + if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) { CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR); OPENSSL_free(sig); goto err; @@ -648,9 +611,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms, r = 1; err: - EVP_MD_CTX_cleanup(&mctx); - if (pctx) - EVP_PKEY_CTX_free(pctx); + EVP_MD_CTX_free(mctx); + EVP_PKEY_CTX_free(pctx); return r; } @@ -672,7 +634,7 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain) int CMS_SignerInfo_sign(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = si->mctx; EVP_PKEY_CTX *pctx; unsigned char *abuf = NULL; int alen; @@ -691,7 +653,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) if (si->pctx) pctx = si->pctx; else { - EVP_MD_CTX_init(mctx); + EVP_MD_CTX_reset(mctx); if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0) goto err; } @@ -712,7 +674,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) goto err; OPENSSL_free(abuf); abuf = OPENSSL_malloc(siglen); - if (!abuf) + if (abuf == NULL) goto err; if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0) goto err; 
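Review bot: In the `si->pctx` branch of cms_SignerInfo_content_sign, `pctx = si->pctx;` aliases the SignerInfo's context. The `err:` block in the later hunk then runs `EVP_PKEY_CTX_free(pctx)` on both the success and failure paths, leaving `si->pctx` pointing at freed memory. CMS_SignerInfo_sign in this same file still tests `if (si->pctx)` and reuses it, so a later call on the same SignerInfo could touch the freed context; whether any caller does so is not visible here. Transferring ownership explicitly avoids that: `pctx = si->pctx; si->pctx = NULL;`. The function starts before this hunk and ends in the `err:` hunk further down.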
@@ -723,23 +685,22 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si) goto err; } - EVP_MD_CTX_cleanup(mctx); + EVP_MD_CTX_reset(mctx); ASN1_STRING_set0(si->signature, abuf, siglen); return 1; err: - if (abuf) - OPENSSL_free(abuf); - EVP_MD_CTX_cleanup(mctx); + OPENSSL_free(abuf); + EVP_MD_CTX_reset(mctx); return 0; } int CMS_SignerInfo_verify(CMS_SignerInfo *si) { - EVP_MD_CTX *mctx = &si->mctx; + EVP_MD_CTX *mctx = NULL; unsigned char *abuf = NULL; int alen, r = -1; const EVP_MD *md = NULL; @@ -752,7 +713,11 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm); if (md == NULL) return -1; - EVP_MD_CTX_init(mctx); + if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE); + return -1; + } + mctx = si->mctx; if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0) goto err; @@ -774,7 +739,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si) if (r <= 0) CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE); err: - EVP_MD_CTX_cleanup(mctx); + EVP_MD_CTX_reset(mctx); return r; } @@ -804,20 +769,23 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms) } return chain; err: - if (chain) - BIO_free_all(chain); + BIO_free_all(chain); return NULL; } int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) { ASN1_OCTET_STRING *os = NULL; - EVP_MD_CTX mctx; + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); EVP_PKEY_CTX *pkctx = NULL; int r = -1; unsigned char mval[EVP_MAX_MD_SIZE]; unsigned int mlen; - EVP_MD_CTX_init(&mctx); + + if (mctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE); + goto err; + } /* If we have any signed attributes look for messageDigest value */ if (CMS_signed_get_attr_count(si) >= 0) { os = CMS_signed_get0_data_by_OBJ(si, 
@@ -830,10 +798,10 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } } - if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm)) + if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm)) goto err; - if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) { + if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, CMS_R_UNABLE_TO_FINALIZE_CONTEXT); goto err; @@ -855,7 +823,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } else r = 1; } else { - const EVP_MD *md = EVP_MD_CTX_md(&mctx); + const EVP_MD *md = EVP_MD_CTX_md(mctx); pkctx = EVP_PKEY_CTX_new(si->pkey, NULL); if (pkctx == NULL) goto err; @@ -876,9 +844,8 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain) } err: - if (pkctx) - EVP_PKEY_CTX_free(pkctx); - EVP_MD_CTX_cleanup(&mctx); + EVP_PKEY_CTX_free(pkctx); + EVP_MD_CTX_free(mctx); return r; } @@ -903,21 +870,20 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, ASN1_INTEGER *key = NULL; if (keysize > 0) { key = ASN1_INTEGER_new(); - if (!key || !ASN1_INTEGER_set(key, keysize)) + if (key == NULL || !ASN1_INTEGER_set(key, keysize)) return 0; } alg = X509_ALGOR_new(); - if (!alg) { - if (key) - ASN1_INTEGER_free(key); + if (alg == NULL) { + ASN1_INTEGER_free(key); return 0; } X509_ALGOR_set0(alg, OBJ_nid2obj(algnid), key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key); - if (!*algs) + if (*algs == NULL) *algs = sk_X509_ALGOR_new_null(); - if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) { + if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) { X509_ALGOR_free(alg); return 0; } 
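Review bot: In CMS_add_simple_smimecap, `if (key == NULL || !ASN1_INTEGER_set(key, keysize)) return 0;` leaks `key` when the allocation succeeds but `ASN1_INTEGER_set` fails. The `alg == NULL` branch right below already frees it, so the first exit should match: `if (key == NULL || !ASN1_INTEGER_set(key, keysize)) { ASN1_INTEGER_free(key); return 0; }`. The start and end of the function are outside the hunk.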
@@ -943,6 +909,8 @@ static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg) int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap) { if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) + || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) + || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) diff --git a/deps/openssl/openssl/crypto/cms/cms_smime.c b/deps/openssl/openssl/crypto/cms/cms_smime.c index 07e3472e10..7e7b6e5d4f 100644 --- a/deps/openssl/openssl/crypto/cms/cms_smime.c +++ b/deps/openssl/openssl/crypto/cms/cms_smime.c 
@@ -1,81 +1,43 @@ -/* crypto/cms/cms_smime.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL - * project. - */ -/* ==================================================================== - * Copyright (c) 2008 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. + * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved. * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. 
Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. 
You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> #include <openssl/x509v3.h> #include <openssl/err.h> #include <openssl/cms.h> #include "cms_lcl.h" -#include "asn1_locl.h" +#include "internal/asn1_int.h" + +static BIO *cms_get_text_bio(BIO *out, unsigned int flags) +{ + BIO *rbio; + if (out == NULL) + rbio = BIO_new(BIO_s_null()); + else if (flags & CMS_TEXT) { + rbio = BIO_new(BIO_s_mem()); + BIO_set_mem_eof_return(rbio, 0); + } else + rbio = out; + return rbio; +} static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) { unsigned char buf[4096]; int r = 0, i; - BIO *tmpout = NULL; + BIO *tmpout; - if (out == NULL) - tmpout = BIO_new(BIO_s_null()); - else if (flags & CMS_TEXT) { - tmpout = BIO_new(BIO_s_mem()); - BIO_set_mem_eof_return(tmpout, 0); - } else - tmpout = out; + tmpout = cms_get_text_bio(out, flags); - if (!tmpout) { + if (tmpout == NULL) { CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE); goto err; } @@ -107,7 +69,7 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags) r = 1; err: - if (tmpout && (tmpout != out)) + if (tmpout != out) BIO_free(tmpout); return r; @@ -246,7 +208,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, return NULL; } cms = CMS_ContentInfo_new(); - if (!cms) + if (cms == NULL) return NULL; if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen)) return NULL; 
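Review bot: In CMS_EncryptedData_encrypt, the `return NULL;` taken when `CMS_EncryptedData_set1_key(cms, cipher, key, keylen)` fails leaks the `cms` object allocated by `CMS_ContentInfo_new()` just above. The hunk only restyles the NULL test and leaves this exit as it was. Releasing the object first closes the leak: `{ CMS_ContentInfo_free(cms); return NULL; }`. The rest of the function lies outside this hunk.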
@@ -265,24 +227,28 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher, static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store, STACK_OF(X509) *certs, - STACK_OF(X509_CRL) *crls, - unsigned int flags) + STACK_OF(X509_CRL) *crls) { - X509_STORE_CTX ctx; + X509_STORE_CTX *ctx = X509_STORE_CTX_new(); X509 *signer; int i, j, r = 0; + + if (ctx == NULL) { + CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE); + goto err; + } CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL); - if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) { + if (!X509_STORE_CTX_init(ctx, store, signer, certs)) { CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR); goto err; } - X509_STORE_CTX_set_default(&ctx, "smime_sign"); + X509_STORE_CTX_set_default(ctx, "smime_sign"); if (crls) - X509_STORE_CTX_set0_crls(&ctx, crls); + X509_STORE_CTX_set0_crls(ctx, crls); - i = X509_verify_cert(&ctx); + i = X509_verify_cert(ctx); if (i <= 0) { - j = X509_STORE_CTX_get_error(&ctx); + j = X509_STORE_CTX_get_error(ctx); CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_CERTIFICATE_VERIFY_ERROR); ERR_add_error_data(2, "Verify error:", @@ -291,7 +257,7 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si, } r = 1; err: - X509_STORE_CTX_cleanup(&ctx); + X509_STORE_CTX_free(ctx); return r; } @@ -305,10 +271,15 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls = NULL; X509 *signer; int i, scount = 0, ret = 0; - BIO *cmsbio = NULL, *tmpin = NULL; + BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL; if (!dcont && !check_content(cms)) return 0; + if (dcont && !(flags & CMS_BINARY)) { + const ASN1_OBJECT *coid = CMS_get0_eContentType(cms); + if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF) + flags |= CMS_ASCIICRLF; + } /* Attempt to find all signer certificates */ 
@@ -342,8 +313,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, crls = CMS_get1_crls(cms); for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); - if (!cms_signerinfo_verify_cert(si, store, - cms_certs, crls, flags)) + if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls)) goto err; } } @@ -378,14 +348,44 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, } } else tmpin = dcont; + /* + * If not binary mode and detached generate digests by *writing* through + * the BIO. That makes it possible to canonicalise the input. + */ + if (!(flags & SMIME_BINARY) && dcont) { + /* + * Create output BIO so we can either handle text or to ensure + * included content doesn't override detached content. + */ + tmpout = cms_get_text_bio(out, flags); + if (!tmpout) { + CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE); + goto err; + } + cmsbio = CMS_dataInit(cms, tmpout); + if (!cmsbio) + goto err; + /* + * Don't use SMIME_TEXT for verify: it adds headers and we want to + * remove them. + */ + SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT); - cmsbio = CMS_dataInit(cms, tmpin); - if (!cmsbio) - goto err; + if (flags & CMS_TEXT) { + if (!SMIME_text(tmpout, out)) { + CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR); + goto err; + } + } + } else { + cmsbio = CMS_dataInit(cms, tmpin); + if (!cmsbio) + goto err; - if (!cms_copy_content(out, cmsbio, flags)) - goto err; + if (!cms_copy_content(out, cmsbio, flags)) + goto err; + } if (!(flags & CMS_NO_CONTENT_VERIFY)) { for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) { si = sk_CMS_SignerInfo_value(sinfos, i); 
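Review bot: The return value of `SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT)` is ignored on the new detached, non-binary path of CMS_verify, so a failed or partial copy is not reported at that point. The digest check that follows should normally reject the result, but it is skipped when `CMS_NO_CONTENT_VERIFY` is set, and the function could then return 1 after writing incomplete content to `out`. I would fail early: `if (!SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT)) goto err;`. This path also tests `SMIME_BINARY`/`SMIME_TEXT` while the earlier hunk uses `CMS_BINARY`/`CMS_TEXT`; one family of names throughout would be easier to audit. CMS_verify starts and ends outside this hunk.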
@@ -399,17 +399,23 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, ret = 1; err: + if (!(flags & SMIME_BINARY) && dcont) { + do_free_upto(cmsbio, tmpout); + if (tmpin != dcont) + BIO_free(tmpin); + } else { + if (dcont && (tmpin == dcont)) + do_free_upto(cmsbio, dcont); + else + BIO_free_all(cmsbio); + } - if (dcont && (tmpin == dcont)) - do_free_upto(cmsbio, dcont); - else - BIO_free_all(cmsbio); + if (out != tmpout) + BIO_free_all(tmpout); err2: - if (cms_certs) - sk_X509_pop_free(cms_certs, X509_free); - if (crls) - sk_X509_CRL_pop_free(crls, X509_CRL_free); + sk_X509_pop_free(cms_certs, X509_free); + sk_X509_CRL_pop_free(crls, X509_CRL_free); return ret; } @@ -434,8 +440,12 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, int i; cms = CMS_ContentInfo_new(); - if (!cms || !CMS_SignedData_init(cms)) + if (cms == NULL || !CMS_SignedData_init(cms)) goto merr; + if (flags & CMS_ASCIICRLF + && !CMS_set1_eContentType(cms, + OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF))) + goto err; if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) { CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR); @@ -461,8 +471,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE); err: - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); return NULL; } @@ -526,8 +535,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, r = 1; err: - if (rct_cont) - BIO_free(rct_cont); + BIO_free(rct_cont); if (r) return cms; CMS_ContentInfo_free(cms); @@ -564,8 +572,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data, merr: CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE); err: - if (cms) - CMS_ContentInfo_free(cms); + CMS_ContentInfo_free(cms); return NULL; } 
@@ -576,19 +583,17 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, STACK_OF(CMS_RecipientEncryptedKey) *reks; CMS_RecipientEncryptedKey *rek; reks = CMS_RecipientInfo_kari_get0_reks(ri); - if (!cert) - return 0; for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) { int rv; rek = sk_CMS_RecipientEncryptedKey_value(reks, i); - if (CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) + if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert)) continue; CMS_RecipientInfo_kari_set0_pkey(ri, pk); rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek); CMS_RecipientInfo_kari_set0_pkey(ri, NULL); if (rv > 0) return 1; - return -1; + return cert == NULL ? 0 : -1; } return 0; } @@ -652,8 +657,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) return 1; } } - /* If no cert and not debugging always return success */ - if (match_ri && !cert && !debug) { + /* If no cert, key transport and not debugging always return success */ + if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) { ERR_clear_error(); return 1; } @@ -665,7 +670,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert) int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen, - unsigned char *id, size_t idlen) + const unsigned char *id, size_t idlen) { STACK_OF(CMS_RecipientInfo) *ris; CMS_RecipientInfo *ri; @@ -753,7 +758,8 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags) { BIO *cmsbio; int ret = 0; - if (!(cmsbio = CMS_dataInit(cms, dcont))) { + + if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) { CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB); return 0; } |
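Review bot: With `cert == NULL` the loop in cms_kari_set1_pkey never reaches a second iteration: no entry is skipped, and the body ends in `return cert == NULL ? 0 : -1;` after the first `CMS_RecipientInfo_kari_decrypt` attempt. A recipient whose key is not the first RecipientEncryptedKey would therefore not be tried when no certificate is supplied. If that is intended, a comment such as `/* no cert: only the first rek is attempted */` would make it explicit; otherwise the no-cert case could `continue` on failure and fall through to the final `return 0;`. The function's opening lines are outside the hunk.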
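Review bot: The comment `/* If no cert, key transport and not debugging always return success */` in CMS_decrypt_set1_pkey says what the branch does but not why a decrypt failure is deliberately masked with `ERR_clear_error(); return 1;`. Presumably this keeps key-transport unwrap failures indistinguishable from success, so the call cannot serve as a padding oracle. I would state that in the comment and note where the real failure then surfaces, after confirming it against the CMS_decrypt documentation.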