2 * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
15 #include <openssl/cms.h>
23 /* CMS EnvelopedData Utilities */
29 static int cms_get_enveloped_type(const CMS_ContentInfo *cms) in cms_get_enveloped_type() argument
31 int nid = OBJ_obj2nid(cms->contentType); in cms_get_enveloped_type()
46 CMS_EnvelopedData *ossl_cms_get0_enveloped(CMS_ContentInfo *cms) in ossl_cms_get0_enveloped() argument
48 if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) { in ossl_cms_get0_enveloped()
52 return cms->d.envelopedData; in ossl_cms_get0_enveloped()
55 CMS_AuthEnvelopedData *ossl_cms_get0_auth_enveloped(CMS_ContentInfo *cms) in ossl_cms_get0_auth_enveloped() argument
57 if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_authEnvelopedData) { in ossl_cms_get0_auth_enveloped()
61 return cms->d.authEnvelopedData; in ossl_cms_get0_auth_enveloped()
64 static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms) in cms_enveloped_data_init() argument
66 if (cms->d.other == NULL) { in cms_enveloped_data_init()
67 cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData); in cms_enveloped_data_init()
68 if (cms->d.envelopedData == NULL) { in cms_enveloped_data_init()
72 cms->d.envelopedData->version = 0; in cms_enveloped_data_init()
73 cms->d.envelopedData->encryptedContentInfo->contentType = in cms_enveloped_data_init()
75 ASN1_OBJECT_free(cms->contentType); in cms_enveloped_data_init()
76 cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped); in cms_enveloped_data_init()
77 return cms->d.envelopedData; in cms_enveloped_data_init()
79 return ossl_cms_get0_enveloped(cms); in cms_enveloped_data_init()
83 cms_auth_enveloped_data_init(CMS_ContentInfo *cms) in cms_auth_enveloped_data_init() argument
85 if (cms->d.other == NULL) { in cms_auth_enveloped_data_init()
86 cms->d.authEnvelopedData = M_ASN1_new_of(CMS_AuthEnvelopedData); in cms_auth_enveloped_data_init()
87 if (cms->d.authEnvelopedData == NULL) { in cms_auth_enveloped_data_init()
91 /* Defined in RFC 5083 - Section 2.1. "AuthEnvelopedData Type" */ in cms_auth_enveloped_data_init()
92 cms->d.authEnvelopedData->version = 0; in cms_auth_enveloped_data_init()
93 cms->d.authEnvelopedData->authEncryptedContentInfo->contentType = in cms_auth_enveloped_data_init()
95 ASN1_OBJECT_free(cms->contentType); in cms_auth_enveloped_data_init()
96 cms->contentType = OBJ_nid2obj(NID_id_smime_ct_authEnvelopedData); in cms_auth_enveloped_data_init()
97 return cms->d.authEnvelopedData; in cms_auth_enveloped_data_init()
99 return ossl_cms_get0_auth_enveloped(cms); in cms_auth_enveloped_data_init()
106 if (ri->type == CMS_RECIPINFO_TRANS) in ossl_cms_env_asn1_ctrl()
107 pkey = ri->d.ktri->pkey; in ossl_cms_env_asn1_ctrl()
108 else if (ri->type == CMS_RECIPINFO_AGREE) { in ossl_cms_env_asn1_ctrl()
109 EVP_PKEY_CTX *pctx = ri->d.kari->pctx; in ossl_cms_env_asn1_ctrl()
127 if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL) in ossl_cms_env_asn1_ctrl()
129 i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri); in ossl_cms_env_asn1_ctrl()
130 if (i == -2) { in ossl_cms_env_asn1_ctrl()
141 CMS_EncryptedContentInfo* ossl_cms_get0_env_enc_content(const CMS_ContentInfo *cms) in ossl_cms_get0_env_enc_content() argument
143 switch (cms_get_enveloped_type(cms)) { in ossl_cms_get0_env_enc_content()
145 return cms->d.envelopedData->encryptedContentInfo; in ossl_cms_get0_env_enc_content()
148 return cms->d.authEnvelopedData->authEncryptedContentInfo; in ossl_cms_get0_env_enc_content()
155 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms) in STACK_OF()
157 switch (cms_get_enveloped_type(cms)) { in STACK_OF()
159 return cms->d.envelopedData->recipientInfos; in STACK_OF()
162 return cms->d.authEnvelopedData->recipientInfos; in STACK_OF()
169 void ossl_cms_RecipientInfos_set_cmsctx(CMS_ContentInfo *cms) in ossl_cms_RecipientInfos_set_cmsctx() argument
173 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); in ossl_cms_RecipientInfos_set_cmsctx()
174 STACK_OF(CMS_RecipientInfo) *rinfos = CMS_get0_RecipientInfos(cms); in ossl_cms_RecipientInfos_set_cmsctx()
179 switch (ri->type) { in ossl_cms_RecipientInfos_set_cmsctx()
181 ri->d.kari->cms_ctx = ctx; in ossl_cms_RecipientInfos_set_cmsctx()
184 ri->d.ktri->cms_ctx = ctx; in ossl_cms_RecipientInfos_set_cmsctx()
185 ossl_x509_set0_libctx(ri->d.ktri->recip, in ossl_cms_RecipientInfos_set_cmsctx()
190 ri->d.kekri->cms_ctx = ctx; in ossl_cms_RecipientInfos_set_cmsctx()
193 ri->d.pwri->cms_ctx = ctx; in ossl_cms_RecipientInfos_set_cmsctx()
204 return ri->type; in CMS_RecipientInfo_type()
209 if (ri->type == CMS_RECIPINFO_TRANS) in CMS_RecipientInfo_get0_pkey_ctx()
210 return ri->d.ktri->pctx; in CMS_RecipientInfo_get0_pkey_ctx()
211 else if (ri->type == CMS_RECIPINFO_AGREE) in CMS_RecipientInfo_get0_pkey_ctx()
212 return ri->d.kari->pctx; in CMS_RecipientInfo_get0_pkey_ctx()
220 CMS_ContentInfo *cms; in CMS_EnvelopedData_create_ex() local
223 cms = CMS_ContentInfo_new_ex(libctx, propq); in CMS_EnvelopedData_create_ex()
224 if (cms == NULL) in CMS_EnvelopedData_create_ex()
226 env = cms_enveloped_data_init(cms); in CMS_EnvelopedData_create_ex()
230 if (!ossl_cms_EncryptedContent_init(env->encryptedContentInfo, cipher, NULL, in CMS_EnvelopedData_create_ex()
231 0, ossl_cms_get0_cmsctx(cms))) in CMS_EnvelopedData_create_ex()
233 return cms; in CMS_EnvelopedData_create_ex()
235 CMS_ContentInfo_free(cms); in CMS_EnvelopedData_create_ex()
249 CMS_ContentInfo *cms; in CMS_AuthEnvelopedData_create_ex() local
252 cms = CMS_ContentInfo_new_ex(libctx, propq); in CMS_AuthEnvelopedData_create_ex()
253 if (cms == NULL) in CMS_AuthEnvelopedData_create_ex()
255 aenv = cms_auth_enveloped_data_init(cms); in CMS_AuthEnvelopedData_create_ex()
258 if (!ossl_cms_EncryptedContent_init(aenv->authEncryptedContentInfo, in CMS_AuthEnvelopedData_create_ex()
260 ossl_cms_get0_cmsctx(cms))) in CMS_AuthEnvelopedData_create_ex()
262 return cms; in CMS_AuthEnvelopedData_create_ex()
264 CMS_ContentInfo_free(cms); in CMS_AuthEnvelopedData_create_ex()
286 ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo); in cms_RecipientInfo_ktri_init()
287 if (!ri->d.ktri) in cms_RecipientInfo_ktri_init()
289 ri->type = CMS_RECIPINFO_TRANS; in cms_RecipientInfo_ktri_init()
291 ktri = ri->d.ktri; in cms_RecipientInfo_ktri_init()
292 ktri->cms_ctx = ctx; in cms_RecipientInfo_ktri_init()
295 ktri->version = 2; in cms_RecipientInfo_ktri_init()
298 ktri->version = 0; in cms_RecipientInfo_ktri_init()
307 if (!ossl_cms_set1_SignerIdentifier(ktri->rid, recip, idtype, ctx)) in cms_RecipientInfo_ktri_init()
313 ktri->pkey = pk; in cms_RecipientInfo_ktri_init()
314 ktri->recip = recip; in cms_RecipientInfo_ktri_init()
317 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx), in cms_RecipientInfo_ktri_init()
318 ktri->pkey, in cms_RecipientInfo_ktri_init()
320 if (ktri->pctx == NULL) in cms_RecipientInfo_ktri_init()
322 if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0) in cms_RecipientInfo_ktri_init()
333 CMS_RecipientInfo *CMS_add1_recipient(CMS_ContentInfo *cms, X509 *recip, in CMS_add1_recipient() argument
340 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); in CMS_add1_recipient()
342 ris = CMS_get0_RecipientInfos(cms); in CMS_add1_recipient()
389 CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, in CMS_add1_recipient_cert() argument
392 return CMS_add1_recipient(cms, recip, NULL, NULL, flags); in CMS_add1_recipient_cert()
400 if (ri->type != CMS_RECIPINFO_TRANS) { in CMS_RecipientInfo_ktri_get0_algs()
405 ktri = ri->d.ktri; in CMS_RecipientInfo_ktri_get0_algs()
408 *pk = ktri->pkey; in CMS_RecipientInfo_ktri_get0_algs()
410 *recip = ktri->recip; in CMS_RecipientInfo_ktri_get0_algs()
412 *palg = ktri->keyEncryptionAlgorithm; in CMS_RecipientInfo_ktri_get0_algs()
422 if (ri->type != CMS_RECIPINFO_TRANS) { in CMS_RecipientInfo_ktri_get0_signer_id()
426 ktri = ri->d.ktri; in CMS_RecipientInfo_ktri_get0_signer_id()
428 return ossl_cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, in CMS_RecipientInfo_ktri_get0_signer_id()
434 if (ri->type != CMS_RECIPINFO_TRANS) { in CMS_RecipientInfo_ktri_cert_cmp()
436 return -2; in CMS_RecipientInfo_ktri_cert_cmp()
438 return ossl_cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert); in CMS_RecipientInfo_ktri_cert_cmp()
443 if (ri->type != CMS_RECIPINFO_TRANS) { in CMS_RecipientInfo_set0_pkey()
447 EVP_PKEY_free(ri->d.ktri->pkey); in CMS_RecipientInfo_set0_pkey()
448 ri->d.ktri->pkey = pkey; in CMS_RecipientInfo_set0_pkey()
454 static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms, in cms_RecipientInfo_ktri_encrypt() argument
462 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); in cms_RecipientInfo_ktri_encrypt()
466 if (ri->type != CMS_RECIPINFO_TRANS) { in cms_RecipientInfo_ktri_encrypt()
470 ktri = ri->d.ktri; in cms_RecipientInfo_ktri_encrypt()
471 ec = ossl_cms_get0_env_enc_content(cms); in cms_RecipientInfo_ktri_encrypt()
473 pctx = ktri->pctx; in cms_RecipientInfo_ktri_encrypt()
480 ktri->pkey, in cms_RecipientInfo_ktri_encrypt()
489 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0) in cms_RecipientInfo_ktri_encrypt()
499 if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0) in cms_RecipientInfo_ktri_encrypt()
502 ASN1_STRING_set0(ktri->encryptedKey, ek, eklen); in cms_RecipientInfo_ktri_encrypt()
509 ktri->pctx = NULL; in cms_RecipientInfo_ktri_encrypt()
516 static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, in cms_RecipientInfo_ktri_decrypt() argument
519 CMS_KeyTransRecipientInfo *ktri = ri->d.ktri; in cms_RecipientInfo_ktri_decrypt()
520 EVP_PKEY *pkey = ktri->pkey; in cms_RecipientInfo_ktri_decrypt()
528 const CMS_CTX *ctx = ossl_cms_get0_cmsctx(cms); in cms_RecipientInfo_ktri_decrypt()
532 ec = ossl_cms_get0_env_enc_content(cms); in cms_RecipientInfo_ktri_decrypt()
534 if (ktri->pkey == NULL) { in cms_RecipientInfo_ktri_decrypt()
539 if (cms->d.envelopedData->encryptedContentInfo->havenocert in cms_RecipientInfo_ktri_decrypt()
540 && !cms->d.envelopedData->encryptedContentInfo->debug) { in cms_RecipientInfo_ktri_decrypt()
541 X509_ALGOR *calg = ec->contentEncryptionAlgorithm; in cms_RecipientInfo_ktri_decrypt()
544 OBJ_obj2txt(name, sizeof(name), calg->algorithm, 0); in cms_RecipientInfo_ktri_decrypt()
552 cipher = EVP_get_cipherbyobj(calg->algorithm); in cms_RecipientInfo_ktri_decrypt()
564 ktri->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, propq); in cms_RecipientInfo_ktri_decrypt()
565 if (ktri->pctx == NULL) in cms_RecipientInfo_ktri_decrypt()
568 if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0) in cms_RecipientInfo_ktri_decrypt()
574 if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, in cms_RecipientInfo_ktri_decrypt()
575 ktri->encryptedKey->data, in cms_RecipientInfo_ktri_decrypt()
576 ktri->encryptedKey->length) <= 0) in cms_RecipientInfo_ktri_decrypt()
585 if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, in cms_RecipientInfo_ktri_decrypt()
586 ktri->encryptedKey->data, in cms_RecipientInfo_ktri_decrypt()
587 ktri->encryptedKey->length) <= 0 in cms_RecipientInfo_ktri_decrypt()
596 OPENSSL_clear_free(ec->key, ec->keylen); in cms_RecipientInfo_ktri_decrypt()
597 ec->key = ek; in cms_RecipientInfo_ktri_decrypt()
598 ec->keylen = eklen; in cms_RecipientInfo_ktri_decrypt()
601 EVP_PKEY_CTX_free(ktri->pctx); in cms_RecipientInfo_ktri_decrypt()
602 ktri->pctx = NULL; in cms_RecipientInfo_ktri_decrypt()
616 if (ri->type != CMS_RECIPINFO_KEK) { in CMS_RecipientInfo_kekri_id_cmp()
618 return -2; in CMS_RecipientInfo_kekri_id_cmp()
620 kekri = ri->d.kekri; in CMS_RecipientInfo_kekri_id_cmp()
625 return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier); in CMS_RecipientInfo_kekri_id_cmp()
647 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, in CMS_add0_recipient_key() argument
656 STACK_OF(CMS_RecipientInfo) *ris = CMS_get0_RecipientInfos(cms); in CMS_add0_recipient_key()
701 ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo); in CMS_add0_recipient_key()
702 if (!ri->d.kekri) in CMS_add0_recipient_key()
704 ri->type = CMS_RECIPINFO_KEK; in CMS_add0_recipient_key()
706 kekri = ri->d.kekri; in CMS_add0_recipient_key()
709 kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute); in CMS_add0_recipient_key()
710 if (kekri->kekid->other == NULL) in CMS_add0_recipient_key()
717 /* After this point no calls can fail */ in CMS_add0_recipient_key()
719 kekri->version = 4; in CMS_add0_recipient_key()
721 kekri->key = key; in CMS_add0_recipient_key()
722 kekri->keylen = keylen; in CMS_add0_recipient_key()
724 ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen); in CMS_add0_recipient_key()
726 kekri->kekid->date = date; in CMS_add0_recipient_key()
728 if (kekri->kekid->other) { in CMS_add0_recipient_key()
729 kekri->kekid->other->keyAttrId = otherTypeId; in CMS_add0_recipient_key()
730 kekri->kekid->other->keyAttr = otherType; in CMS_add0_recipient_key()
733 X509_ALGOR_set0(kekri->keyEncryptionAlgorithm, in CMS_add0_recipient_key()
753 if (ri->type != CMS_RECIPINFO_KEK) { in CMS_RecipientInfo_kekri_get0_id()
757 rkid = ri->d.kekri->kekid; in CMS_RecipientInfo_kekri_get0_id()
759 *palg = ri->d.kekri->keyEncryptionAlgorithm; in CMS_RecipientInfo_kekri_get0_id()
761 *pid = rkid->keyIdentifier; in CMS_RecipientInfo_kekri_get0_id()
763 *pdate = rkid->date; in CMS_RecipientInfo_kekri_get0_id()
765 if (rkid->other) in CMS_RecipientInfo_kekri_get0_id()
766 *potherid = rkid->other->keyAttrId; in CMS_RecipientInfo_kekri_get0_id()
771 if (rkid->other) in CMS_RecipientInfo_kekri_get0_id()
772 *pothertype = rkid->other->keyAttr; in CMS_RecipientInfo_kekri_get0_id()
783 if (ri->type != CMS_RECIPINFO_KEK) { in CMS_RecipientInfo_set0_key()
788 kekri = ri->d.kekri; in CMS_RecipientInfo_set0_key()
789 kekri->key = key; in CMS_RecipientInfo_set0_key()
790 kekri->keylen = keylen; in CMS_RecipientInfo_set0_key()
800 alg = "AES-128-WRAP"; in cms_get_key_wrap_cipher()
803 alg = "AES-192-WRAP"; in cms_get_key_wrap_cipher()
806 alg = "AES-256-WRAP"; in cms_get_key_wrap_cipher()
818 static int cms_RecipientInfo_kekri_encrypt(const CMS_ContentInfo *cms, in cms_RecipientInfo_kekri_encrypt() argument
829 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); in cms_RecipientInfo_kekri_encrypt()
831 ec = ossl_cms_get0_env_enc_content(cms); in cms_RecipientInfo_kekri_encrypt()
835 kekri = ri->d.kekri; in cms_RecipientInfo_kekri_encrypt()
837 if (kekri->key == NULL) { in cms_RecipientInfo_kekri_encrypt()
842 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx); in cms_RecipientInfo_kekri_encrypt()
849 wkey = OPENSSL_malloc(ec->keylen + 8); in cms_RecipientInfo_kekri_encrypt()
862 if (!EVP_EncryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) in cms_RecipientInfo_kekri_encrypt()
863 || !EVP_EncryptUpdate(ctx, wkey, &wkeylen, ec->key, ec->keylen) in cms_RecipientInfo_kekri_encrypt()
869 if (!ossl_assert((size_t)wkeylen == ec->keylen + 8)) { in cms_RecipientInfo_kekri_encrypt()
874 ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen); in cms_RecipientInfo_kekri_encrypt()
889 static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, in cms_RecipientInfo_kekri_decrypt() argument
900 const CMS_CTX *cms_ctx = ossl_cms_get0_cmsctx(cms); in cms_RecipientInfo_kekri_decrypt()
902 ec = ossl_cms_get0_env_enc_content(cms); in cms_RecipientInfo_kekri_decrypt()
906 kekri = ri->d.kekri; in cms_RecipientInfo_kekri_decrypt()
908 if (!kekri->key) { in cms_RecipientInfo_kekri_decrypt()
913 wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm); in cms_RecipientInfo_kekri_decrypt()
914 if (aes_wrap_keylen(wrap_nid) != kekri->keylen) { in cms_RecipientInfo_kekri_decrypt()
921 if (kekri->encryptedKey->length < 16) { in cms_RecipientInfo_kekri_decrypt()
926 cipher = cms_get_key_wrap_cipher(kekri->keylen, cms_ctx); in cms_RecipientInfo_kekri_decrypt()
932 ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8); in cms_RecipientInfo_kekri_decrypt()
944 if (!EVP_DecryptInit_ex(ctx, cipher, NULL, kekri->key, NULL) in cms_RecipientInfo_kekri_decrypt()
946 kekri->encryptedKey->data, in cms_RecipientInfo_kekri_decrypt()
947 kekri->encryptedKey->length) in cms_RecipientInfo_kekri_decrypt()
954 OPENSSL_clear_free(ec->key, ec->keylen); in cms_RecipientInfo_kekri_decrypt()
955 ec->key = ukey; in cms_RecipientInfo_kekri_decrypt()
956 ec->keylen = ukeylen; in cms_RecipientInfo_kekri_decrypt()
969 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri) in CMS_RecipientInfo_decrypt() argument
971 switch (ri->type) { in CMS_RecipientInfo_decrypt()
973 return cms_RecipientInfo_ktri_decrypt(cms, ri); in CMS_RecipientInfo_decrypt()
976 return cms_RecipientInfo_kekri_decrypt(cms, ri); in CMS_RecipientInfo_decrypt()
979 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 0); in CMS_RecipientInfo_decrypt()
987 int CMS_RecipientInfo_encrypt(const CMS_ContentInfo *cms, CMS_RecipientInfo *ri) in CMS_RecipientInfo_encrypt() argument
989 switch (ri->type) { in CMS_RecipientInfo_encrypt()
991 return cms_RecipientInfo_ktri_encrypt(cms, ri); in CMS_RecipientInfo_encrypt()
994 return ossl_cms_RecipientInfo_kari_encrypt(cms, ri); in CMS_RecipientInfo_encrypt()
997 return cms_RecipientInfo_kekri_encrypt(cms, ri); in CMS_RecipientInfo_encrypt()
1000 return ossl_cms_RecipientInfo_pwri_crypt(cms, ri, 1); in CMS_RecipientInfo_encrypt()
1012 CMS_OriginatorInfo *org = env->originatorInfo; in cms_env_set_originfo_version()
1016 for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) { in cms_env_set_originfo_version()
1018 cch = sk_CMS_CertificateChoices_value(org->certificates, i); in cms_env_set_originfo_version()
1019 if (cch->type == CMS_CERTCHOICE_OTHER) { in cms_env_set_originfo_version()
1020 env->version = 4; in cms_env_set_originfo_version()
1022 } else if (cch->type == CMS_CERTCHOICE_V2ACERT) { in cms_env_set_originfo_version()
1023 if (env->version < 3) in cms_env_set_originfo_version()
1024 env->version = 3; in cms_env_set_originfo_version()
1028 for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) { in cms_env_set_originfo_version()
1030 rch = sk_CMS_RevocationInfoChoice_value(org->crls, i); in cms_env_set_originfo_version()
1031 if (rch->type == CMS_REVCHOICE_OTHER) { in cms_env_set_originfo_version()
1032 env->version = 4; in cms_env_set_originfo_version()
1046 if (env->version >= 4) in cms_env_set_version()
1051 if (env->version >= 3) in cms_env_set_version()
1054 for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) { in cms_env_set_version()
1055 ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i); in cms_env_set_version()
1056 if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) { in cms_env_set_version()
1057 env->version = 3; in cms_env_set_version()
1059 } else if (ri->type != CMS_RECIPINFO_TRANS in cms_env_set_version()
1060 || ri->d.ktri->version != 0) { in cms_env_set_version()
1061 env->version = 2; in cms_env_set_version()
1064 if (env->originatorInfo || env->unprotectedAttrs) in cms_env_set_version()
1065 env->version = 2; in cms_env_set_version()
1066 if (env->version == 2) in cms_env_set_version()
1068 env->version = 0; in cms_env_set_version()
1071 static int cms_env_encrypt_content_key(const CMS_ContentInfo *cms, in cms_env_encrypt_content_key() argument
1079 if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) in cms_env_encrypt_content_key()
1080 return -1; in cms_env_encrypt_content_key()
1087 ec->cipher = NULL; in cms_env_clear_ec()
1088 OPENSSL_clear_free(ec->key, ec->keylen); in cms_env_clear_ec()
1089 ec->key = NULL; in cms_env_clear_ec()
1090 ec->keylen = 0; in cms_env_clear_ec()
1093 static BIO *cms_EnvelopedData_Decryption_init_bio(CMS_ContentInfo *cms) in cms_EnvelopedData_Decryption_init_bio() argument
1095 CMS_EncryptedContentInfo *ec = cms->d.envelopedData->encryptedContentInfo; in cms_EnvelopedData_Decryption_init_bio()
1097 ossl_cms_get0_cmsctx(cms)); in cms_EnvelopedData_Decryption_init_bio()
1115 cms->d.envelopedData->unprotectedAttrs) <= 0) { in cms_EnvelopedData_Decryption_init_bio()
1122 static BIO *cms_EnvelopedData_Encryption_init_bio(CMS_ContentInfo *cms) in cms_EnvelopedData_Encryption_init_bio() argument
1128 CMS_EnvelopedData *env = cms->d.envelopedData; in cms_EnvelopedData_Encryption_init_bio()
1132 ec = env->encryptedContentInfo; in cms_EnvelopedData_Encryption_init_bio()
1133 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms)); in cms_EnvelopedData_Encryption_init_bio()
1140 rinfos = env->recipientInfos; in cms_EnvelopedData_Encryption_init_bio()
1141 if (cms_env_encrypt_content_key(cms, rinfos) < 0) { in cms_EnvelopedData_Encryption_init_bio()
1159 BIO *ossl_cms_EnvelopedData_init_bio(CMS_ContentInfo *cms) in ossl_cms_EnvelopedData_init_bio() argument
1161 if (cms->d.envelopedData->encryptedContentInfo->cipher != NULL) { in ossl_cms_EnvelopedData_init_bio()
1163 return cms_EnvelopedData_Encryption_init_bio(cms); in ossl_cms_EnvelopedData_init_bio()
1167 return cms_EnvelopedData_Decryption_init_bio(cms); in ossl_cms_EnvelopedData_init_bio()
1170 BIO *ossl_cms_AuthEnvelopedData_init_bio(CMS_ContentInfo *cms) in ossl_cms_AuthEnvelopedData_init_bio() argument
1176 CMS_AuthEnvelopedData *aenv = cms->d.authEnvelopedData; in ossl_cms_AuthEnvelopedData_init_bio()
1179 ec = aenv->authEncryptedContentInfo; in ossl_cms_AuthEnvelopedData_init_bio()
1181 if (ec->cipher == NULL) { in ossl_cms_AuthEnvelopedData_init_bio()
1182 ec->tag = aenv->mac->data; in ossl_cms_AuthEnvelopedData_init_bio()
1183 ec->taglen = aenv->mac->length; in ossl_cms_AuthEnvelopedData_init_bio()
1185 ret = ossl_cms_EncryptedContent_init_bio(ec, ossl_cms_get0_cmsctx(cms)); in ossl_cms_AuthEnvelopedData_init_bio()
1187 /* If error or no cipher end of processing */ in ossl_cms_AuthEnvelopedData_init_bio()
1188 if (ret == NULL || ec->cipher == NULL) in ossl_cms_AuthEnvelopedData_init_bio()
1192 rinfos = aenv->recipientInfos; in ossl_cms_AuthEnvelopedData_init_bio()
1193 if (cms_env_encrypt_content_key(cms, rinfos) < 0) { in ossl_cms_AuthEnvelopedData_init_bio()
1199 aenv->version = 0; in ossl_cms_AuthEnvelopedData_init_bio()
1211 int ossl_cms_EnvelopedData_final(CMS_ContentInfo *cms, BIO *chain) in ossl_cms_EnvelopedData_final() argument
1217 env = ossl_cms_get0_enveloped(cms); in ossl_cms_EnvelopedData_final()
1234 if (env->unprotectedAttrs == NULL) in ossl_cms_EnvelopedData_final()
1235 env->unprotectedAttrs = sk_X509_ATTRIBUTE_new_null(); in ossl_cms_EnvelopedData_final()
1237 if (env->unprotectedAttrs == NULL) { in ossl_cms_EnvelopedData_final()
1243 1, env->unprotectedAttrs) <= 0) { in ossl_cms_EnvelopedData_final()
1249 cms_env_set_version(cms->d.envelopedData); in ossl_cms_EnvelopedData_final()
1253 int ossl_cms_AuthEnvelopedData_final(CMS_ContentInfo *cms, BIO *cmsbio) in ossl_cms_AuthEnvelopedData_final() argument
1277 if (!ASN1_OCTET_STRING_set(cms->d.authEnvelopedData->mac, tag, taglen)) in ossl_cms_AuthEnvelopedData_final()
1309 if (pk->ameth && pk->ameth->pkey_ctrl) { in ossl_cms_pkey_get_ri_type()
1311 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r); in ossl_cms_pkey_get_ri_type()
1322 if (pk->ameth != NULL && pk->ameth->pkey_ctrl != NULL) { in ossl_cms_pkey_is_ri_type_supported()
1325 i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_IS_RI_TYPE_SUPPORTED, in ossl_cms_pkey_is_ri_type_supported()