root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
openssl/crypto/cms/cms_kari.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

531 lines
16 KiB
C
Raw Normal View History

CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
/*
Copyright year updates Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes
2025-02-11 22:27:50 +08:00
* Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
*
Following the license change, modify the boilerplates in crypto/cms/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7783)
2018-12-06 20:32:50 +08:00
* Licensed under the Apache License 2.0 (the "License"). You may not use
Copyright consolidation 09/10 Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-18 02:52:22 +08:00
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
*/
EVP: deprecate the EVP_X_meth_ functions. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11082)
2020-02-13 09:00:57 +08:00
/*
* Low level key APIs (DH etc) are deprecated for public use, but still ok for
* internal use.
*/
#include "internal/deprecated.h"
Identify and move common internal libcrypto header files There are header files in crypto/ that are used by a number of crypto/ submodules. Move those to crypto/include/internal and adapt the affected source code and Makefiles. The header files that got moved are: crypto/cryptolib.h crypto/md32_common.h Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-14 22:56:48 +08:00
#include "internal/cryptlib.h"
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
#include <openssl/asn1t.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include <openssl/cms.h>
#include <openssl/aes.h>
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 06:45:40 +08:00
#include "cms_local.h"
Reorganize private crypto header files Currently, there are two different directories which contain internal header files of libcrypto which are meant to be shared internally: While header files in 'include/internal' are intended to be shared between libcrypto and libssl, the files in 'crypto/include/internal' are intended to be shared inside libcrypto only. To make things complicated, the include search path is set up in such a way that the directive #include "internal/file.h" could refer to a file in either of these two directoroes. This makes it necessary in some cases to add a '_int.h' suffix to some files to resolve this ambiguity: #include "internal/file.h" # located in 'include/internal' #include "internal/file_int.h" # located in 'crypto/include/internal' This commit moves the private crypto headers from 'crypto/include/internal' to 'include/crypto' As a result, the include directives become unambiguous #include "internal/file.h" # located in 'include/internal' #include "crypto/file.h" # located in 'include/crypto' hence the superfluous '_int.h' suffixes can be stripped. The files 'store_int.h' and 'store.h' need to be treated specially; they are joined into a single file. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
2019-09-28 06:45:33 +08:00
#include "crypto/asn1.h"
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
/* Key Agreement Recipient Info (KARI) routines */
int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
X509_ALGOR **palg,
ASN1_OCTET_STRING **pukm)
{
if (ri->type != CMS_RECIPINFO_AGREE) {
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-04 19:23:19 +08:00
ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
}
if (palg)
*palg = ri->d.kari->keyEncryptionAlgorithm;
if (pukm)
*pukm = ri->d.kari->ukm;
return 1;
}
/* Retrieve recipient encrypted keys from a kari */
STACK_OF(CMS_RecipientEncryptedKey)
*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
{
if (ri->type != CMS_RECIPINFO_AGREE) {
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-04 19:23:19 +08:00
ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return NULL;
}
return ri->d.kari->recipientEncryptedKeys;
}
int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
X509_ALGOR **pubalg,
ASN1_BIT_STRING **pubkey,
ASN1_OCTET_STRING **keyid,
X509_NAME **issuer,
ASN1_INTEGER **sno)
{
CMS_OriginatorIdentifierOrKey *oik;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (ri->type != CMS_RECIPINFO_AGREE) {
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-04 19:23:19 +08:00
ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
}
oik = ri->d.kari->originator;
if (issuer)
*issuer = NULL;
if (sno)
*sno = NULL;
if (keyid)
*keyid = NULL;
if (pubalg)
*pubalg = NULL;
if (pubkey)
*pubkey = NULL;
if (oik->type == CMS_OIK_ISSUER_SERIAL) {
if (issuer)
*issuer = oik->d.issuerAndSerialNumber->issuer;
if (sno)
*sno = oik->d.issuerAndSerialNumber->serialNumber;
} else if (oik->type == CMS_OIK_KEYIDENTIFIER) {
if (keyid)
*keyid = oik->d.subjectKeyIdentifier;
} else if (oik->type == CMS_OIK_PUBKEY) {
if (pubalg)
*pubalg = oik->d.originatorKey->algorithm;
if (pubkey)
*pubkey = oik->d.originatorKey->publicKey;
} else
return 0;
return 1;
}
int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
{
CMS_OriginatorIdentifierOrKey *oik;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (ri->type != CMS_RECIPINFO_AGREE) {
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-04 19:23:19 +08:00
ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return -2;
}
oik = ri->d.kari->originator;
if (oik->type == CMS_OIK_ISSUER_SERIAL)
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
return ossl_cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
else if (oik->type == CMS_OIK_KEYIDENTIFIER)
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
return ossl_cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return -1;
}
int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
ASN1_OCTET_STRING **keyid,
ASN1_GENERALIZEDTIME **tm,
CMS_OtherKeyAttribute **other,
X509_NAME **issuer, ASN1_INTEGER **sno)
{
CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (rid->type == CMS_REK_ISSUER_SERIAL) {
if (issuer)
*issuer = rid->d.issuerAndSerialNumber->issuer;
if (sno)
*sno = rid->d.issuerAndSerialNumber->serialNumber;
if (keyid)
*keyid = NULL;
if (tm)
*tm = NULL;
if (other)
*other = NULL;
} else if (rid->type == CMS_REK_KEYIDENTIFIER) {
if (keyid)
*keyid = rid->d.rKeyId->subjectKeyIdentifier;
if (tm)
*tm = rid->d.rKeyId->date;
if (other)
*other = rid->d.rKeyId->other;
if (issuer)
*issuer = NULL;
if (sno)
*sno = NULL;
} else
return 0;
return 1;
}
int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
X509 *cert)
{
CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (rid->type == CMS_REK_ISSUER_SERIAL)
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
return ossl_cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
else if (rid->type == CMS_REK_KEYIDENTIFIER)
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
return ossl_cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier,
cert);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
else
return -1;
}
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
int CMS_RecipientInfo_kari_set0_pkey_and_peer(CMS_RecipientInfo *ri,
EVP_PKEY *pk, X509 *peer)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
{
EVP_PKEY_CTX *pctx;
CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
free NULL cleanup -- coda After the finale, the "real" final part. :) Do a recursive grep with "-B1 -w [a-zA-Z0-9_]*_free" to see if any of the preceeding lines are an "if NULL" check that can be removed. Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-05-02 02:37:16 +08:00
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
2019-09-17 03:28:57 +08:00
if (pk == NULL)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 1;
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(kari->cms_ctx),
pk,
ossl_cms_ctx_get0_propq(kari->cms_ctx));
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
2019-09-17 03:28:57 +08:00
if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
if (peer != NULL) {
EVP_PKEY *pub_pkey = X509_get0_pubkey(peer);
if (EVP_PKEY_derive_set_peer(pctx, pub_pkey) <= 0)
goto err;
}
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
kari->pctx = pctx;
return 1;
err:
free NULL cleanup EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 22:54:15 +08:00
EVP_PKEY_CTX_free(pctx);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
}
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
{
return CMS_RecipientInfo_kari_set0_pkey_and_peer(ri, pk, NULL);
}
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
{
if (ri->type == CMS_RECIPINFO_AGREE)
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
return ri->d.kari->ctx;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return NULL;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
/*
* Derive KEK and decrypt/encrypt with it to produce either the original CEK
* or the encrypted CEK.
*/
static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
const unsigned char *in, size_t inlen,
CMS_KeyAgreeRecipientInfo *kari, int enc)
{
/* Key encryption key */
unsigned char kek[EVP_MAX_KEY_LENGTH];
size_t keklen;
int rv = 0;
unsigned char *out = NULL;
int outlen;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
keklen = EVP_CIPHER_CTX_get_key_length(kari->ctx);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (keklen > EVP_MAX_KEY_LENGTH)
return 0;
/* Derive KEK */
if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
goto err;
/* Set KEK in context */
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
/* obtain output length of ciphered key */
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
out = OPENSSL_malloc(outlen);
Continue standardising malloc style for libcrypto Continuing from previous commit ensure our style is consistent for malloc return checks. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-10-30 19:12:26 +08:00
if (out == NULL)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
*pout = out;
*poutlen = (size_t)outlen;
rv = 1;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
err:
OPENSSL_cleanse(kek, keklen);
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 22:02:07 +08:00
if (!rv)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
OPENSSL_free(out);
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
EVP_CIPHER_CTX_reset(kari->ctx);
/* FIXME: WHY IS kari->pctx freed here? /RL */
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
EVP_PKEY_CTX_free(kari->pctx);
kari->pctx = NULL;
return rv;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri,
CMS_RecipientEncryptedKey *rek)
{
int rv = 0;
unsigned char *enckey = NULL, *cek = NULL;
size_t enckeylen;
size_t ceklen;
CMS_EncryptedContentInfo *ec;
CMS KARI: Temporarly downgrade newly generated EVP_PKEYs to legacy The EVP_PKEY_ASN1_METHOD code used by CMS_RecipientInfo_kari_decrypt() and cms_RecipientInfo_kari_encrypt() is quite complex and needs more careful thought to work with provider side keys. Unfortunately, we need to get key generation in place, among others for ECC keys, so we add a temporary hack, similar to what's already done in TLS code, that downgrades a provider side EVP_PKEY to become EVP_PKEY_ASN1_METHOD / EVP_PKEY_METHOD based. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11501)
2020-04-08 21:41:05 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
enckeylen = rek->encryptedKey->length;
enckey = rek->encryptedKey->data;
/* Setup all parameters to derive KEK */
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
if (!ossl_cms_env_asn1_ctrl(ri, 1))
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
/* Attempt to decrypt CEK */
if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
goto err;
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
ec = ossl_cms_get0_env_enc_content(cms);
free cleanup almost the finale Add OPENSSL_clear_free which merges cleanse and free. (Names was picked to be similar to BN_clear_free, etc.) Removed OPENSSL_freeFunc macro. Fixed the small simple ones that are left: CRYPTO_free CRYPTO_free_locked OPENSSL_free_locked Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 05:57:32 +08:00
OPENSSL_clear_free(ec->key, ec->keylen);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
ec->key = cek;
ec->keylen = ceklen;
cek = NULL;
rv = 1;
err:
free null cleanup finale Don't check for NULL before calling OPENSSL_free Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-01 22:02:07 +08:00
OPENSSL_free(cek);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return rv;
}
/* Create ephemeral key and initialise context based on it */
static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
EVP_PKEY *pk)
{
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY *ekey = NULL;
int rv = 0;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
const CMS_CTX *ctx = kari->cms_ctx;
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
OSSL_LIB_CTX *libctx = ossl_cms_ctx_get0_libctx(ctx);
const char *propq = ossl_cms_ctx_get0_propq(ctx);
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
2019-09-17 03:28:57 +08:00
CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**. Fixes #13624 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13668)
2020-12-11 17:19:37 +08:00
pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pk, propq);
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
2019-09-17 03:28:57 +08:00
if (pctx == NULL)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
if (EVP_PKEY_keygen_init(pctx) <= 0)
goto err;
if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
goto err;
EVP_PKEY_CTX_free(pctx);
CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**. Fixes #13624 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13668)
2020-12-11 17:19:37 +08:00
pctx = EVP_PKEY_CTX_new_from_pkey(libctx, ekey, propq);
Explicitly test against NULL; do not use !p or similar Also added blanks lines after declarations in a couple of places. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9916)
2019-09-17 03:28:57 +08:00
if (pctx == NULL)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
goto err;
if (EVP_PKEY_derive_init(pctx) <= 0)
goto err;
kari->pctx = pctx;
rv = 1;
err:
free NULL cleanup EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 22:54:15 +08:00
if (!rv)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
EVP_PKEY_CTX_free(pctx);
free NULL cleanup EVP_.*free; this gets: EVP_CIPHER_CTX_free EVP_PKEY_CTX_free EVP_PKEY_asn1_free EVP_PKEY_asn1_set_free EVP_PKEY_free EVP_PKEY_free_it EVP_PKEY_meth_free; and also EVP_CIPHER_CTX_cleanup Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2015-03-28 22:54:15 +08:00
EVP_PKEY_free(ekey);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return rv;
}
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
/* Set originator private key and initialise context based on it */
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
static int cms_kari_set_originator_private_key(CMS_KeyAgreeRecipientInfo *kari,
EVP_PKEY *originatorPrivKey )
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
{
EVP_PKEY_CTX *pctx = NULL;
int rv = 0;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
const CMS_CTX *ctx = kari->cms_ctx;
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
pctx = EVP_PKEY_CTX_new_from_pkey(ossl_cms_ctx_get0_libctx(ctx),
CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**. Fixes #13624 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13668)
2020-12-11 17:19:37 +08:00
originatorPrivKey,
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
ossl_cms_ctx_get0_propq(ctx));
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
if (pctx == NULL)
goto err;
if (EVP_PKEY_derive_init(pctx) <= 0)
goto err;
kari->pctx = pctx;
rv = 1;
err:
if (rv == 0)
EVP_PKEY_CTX_free(pctx);
return rv;
}
Fix null pointer dereference in cms_RecipientInfo_kari_init CLA: trivial Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8137)
2019-02-13 14:26:14 +08:00
/* Initialise a kari based on passed certificate and key */
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
int ossl_cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
EVP_PKEY *recipPubKey, X509 *originator,
EVP_PKEY *originatorPrivKey,
unsigned int flags, const CMS_CTX *ctx)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
{
CMS_KeyAgreeRecipientInfo *kari;
CMS_RecipientEncryptedKey *rek = NULL;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
ri->d.kari = M_ASN1_new_of(CMS_KeyAgreeRecipientInfo);
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
if (ri->d.kari == NULL)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
ri->type = CMS_RECIPINFO_AGREE;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
kari = ri->d.kari;
kari->version = 3;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
kari->cms_ctx = ctx;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);
Fix null pointer dereference in cms_RecipientInfo_kari_init CLA: trivial Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8137)
2019-02-13 14:26:14 +08:00
if (rek == NULL)
return 0;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);
return 0;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (flags & CMS_USE_KEYID) {
rek->rid->type = CMS_REK_KEYIDENTIFIER;
Fix ECDH key identifier support. PR#3789 Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-10 09:33:44 +08:00
rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier);
if (rek->rid->d.rKeyId == NULL)
return 0;
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
if (!ossl_cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip))
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
} else {
rek->rid->type = CMS_REK_ISSUER_SERIAL;
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
if (!ossl_cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip))
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
if (originatorPrivKey == NULL && originator == NULL) {
/* Create ephemeral key */
if (!cms_kari_create_ephemeral_key(kari, recipPubKey))
return 0;
} else {
coverity 1462543 Logically dead code Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
2020-04-27 06:05:23 +08:00
/* Use originator key */
CMS_OriginatorIdentifierOrKey *oik = ri->d.kari->originator;
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
coverity 1462543 Logically dead code Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
2020-04-27 06:05:23 +08:00
if (originatorPrivKey == NULL || originator == NULL)
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
return 0;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
coverity 1462543 Logically dead code Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
2020-04-27 06:05:23 +08:00
if (flags & CMS_USE_ORIGINATOR_KEYID) {
oik->type = CMS_OIK_KEYIDENTIFIER;
oik->d.subjectKeyIdentifier = ASN1_OCTET_STRING_new();
if (oik->d.subjectKeyIdentifier == NULL)
return 0;
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
if (!ossl_cms_set1_keyid(&oik->d.subjectKeyIdentifier, originator))
coverity 1462543 Logically dead code Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
2020-04-27 06:05:23 +08:00
return 0;
} else {
oik->type = CMS_REK_ISSUER_SERIAL;
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
if (!ossl_cms_set1_ias(&oik->d.issuerAndSerialNumber, originator))
coverity 1462543 Logically dead code Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
2020-04-27 06:05:23 +08:00
return 0;
}
if (!cms_kari_set_originator_private_key(kari, originatorPrivKey))
return 0;
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
}
EVP_PKEY_up_ref(recipPubKey);
rek->pkey = recipPubKey;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 1;
}
static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
const EVP_CIPHER *cipher)
{
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
const CMS_CTX *cms_ctx = kari->cms_ctx;
Adapt all EVP_CIPHER_CTX users for it becoming opaque Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-14 05:08:41 +08:00
EVP_CIPHER_CTX *ctx = kari->ctx;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
const EVP_CIPHER *kekcipher;
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
EVP_CIPHER *fetched_kekcipher;
const char *kekcipher_name;
coverity 1462567: Null pointer dereferences Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
2020-04-27 05:48:32 +08:00
int keylen;
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
int ret;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
/* If a suitable wrap algorithm is already set nothing to do */
Add "origin" field to EVP_CIPHER, EVP_MD Add a "where did this EVP_{CIPHER,MD} come from" flag: global, via fetch, or via EVP_{CIPHER,MD}_meth_new. Update EVP_{CIPHER,MD}_free to handle all three origins. The flag is deliberately right before some function pointers, so that compile-time failures (int/pointer) will occur, as opposed to taking a bit in the existing "flags" field. The "global variable" flag is non-zero, so the default case of using OPENSSL_zalloc (for provider ciphers), will do the right thing. Ref-counting is a no-op for Make up_ref no-op for global MD and CIPHER objects Deprecate EVP_MD_CTX_md(). Added EVP_MD_CTX_get0_md() (same semantics as the deprecated function) and EVP_MD_CTX_get1_md(). Likewise, deprecate EVP_CIPHER_CTX_cipher() in favor of EVP_CIPHER_CTX_get0_cipher(), and add EVP_CIPHER_CTX_get1_CIPHER(). Refactor EVP_MD_free() and EVP_MD_meth_free() to call new common evp_md_free_int() function. Refactor EVP_CIPHER_free() and EVP_CIPHER_meth_free() to call new common evp_cipher_free_int() function. Also change some flags tests to explicit test == or != zero. E.g., if (flags & x) --> if ((flags & x) != 0) if (!(flags & x)) --> if ((flags & x) == 0) Only done for those lines where "get0_cipher" calls were made. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14193)
2021-02-17 06:51:56 +08:00
kekcipher = EVP_CIPHER_CTX_get0_cipher(ctx);
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
if (kekcipher != NULL) {
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
if (EVP_CIPHER_CTX_get_mode(ctx) != EVP_CIPH_WRAP_MODE)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
return 1;
}
coverity 1462567: Null pointer dereferences Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11651)
2020-04-27 05:48:32 +08:00
if (cipher == NULL)
return 0;
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
keylen = EVP_CIPHER_get_key_length(cipher);
if ((EVP_CIPHER_get_flags(cipher) & EVP_CIPH_FLAG_GET_WRAP_CIPHER) != 0) {
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
ret = EVP_CIPHER_meth_get_ctrl(cipher)(NULL, EVP_CTRL_GET_WRAP_CIPHER,
0, &kekcipher);
if (ret <= 0)
return 0;
if (kekcipher != NULL) {
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
if (EVP_CIPHER_get_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
return 0;
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
kekcipher_name = EVP_CIPHER_get0_name(kekcipher);
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
goto enc;
Implementation of Russian GOST CMS Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10904)
2020-01-20 23:17:44 +08:00
}
}
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
/*
* Pick a cipher based on content encryption cipher. If it is DES3 use
* DES3 wrap otherwise use AES wrap similar to key size.
*/
Fix no-des Numerous fixes for no-des. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 23:56:06 +08:00
#ifndef OPENSSL_NO_DES
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
if (EVP_CIPHER_get_type(cipher) == NID_des_ede3_cbc)
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
kekcipher_name = SN_id_smime_alg_CMS3DESwrap;
Fix no-des Numerous fixes for no-des. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-18 23:56:06 +08:00
else
#endif
if (keylen <= 16)
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
kekcipher_name = SN_id_aes128_wrap;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
else if (keylen <= 24)
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
kekcipher_name = SN_id_aes192_wrap;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
else
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
kekcipher_name = SN_id_aes256_wrap;
enc:
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
fetched_kekcipher = EVP_CIPHER_fetch(ossl_cms_ctx_get0_libctx(cms_ctx),
CMS: Fix NULL access if d2i_CMS_bio() is not passed a CMS_ContentInfo**. Fixes #13624 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13668)
2020-12-11 17:19:37 +08:00
kekcipher_name,
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
ossl_cms_ctx_get0_propq(cms_ctx));
Add libctx support to CMS. -Public CMS methods that create a CMS_ContentInfo object now have variants that also add a libctx and propq. This includes CMS_ContentInfo_new_with_libctx(), CMS_sign_with_libctx(), CMS_data_create_with_libctx(), CMS_digest_create_with_libctx(), CMS_EncryptedData_encrypt_with_libctx(), CMS_EnvelopedData_create_with_libctx(). -Added CMS_ReceiptRequest_create0_with_libctx(). -Added SMIME_read_CMS_ex() so that a new CMS_ContentInfo object (created using CMS_ContentInfo_new_with_libctx()) can be passed to the read. -d2i_CMS_bio() has been modified so that after it loads the CMS_ContentInfo() it then resolves any subobjects that require the libctx/propq (such as objects containing X509 certificates). Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11884)
2020-07-25 16:04:55 +08:00
if (fetched_kekcipher == NULL)
return 0;
ret = EVP_EncryptInit_ex(ctx, fetched_kekcipher, NULL, NULL, NULL);
EVP_CIPHER_free(fetched_kekcipher);
return ret;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
}
/* Encrypt content key in key agreement recipient info */
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
int ossl_cms_RecipientInfo_kari_encrypt(const CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
{
CMS_KeyAgreeRecipientInfo *kari;
CMS_EncryptedContentInfo *ec;
CMS_RecipientEncryptedKey *rek;
STACK_OF(CMS_RecipientEncryptedKey) *reks;
int i;
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
if (ri->type != CMS_RECIPINFO_AGREE) {
Convert all {NAME}err() in crypto/ to their corresponding ERR_raise() call This includes error reporting for libcrypto sub-libraries in surprising places. This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13318)
2020-11-04 19:23:19 +08:00
ERR_raise(ERR_LIB_CMS, CMS_R_NOT_KEY_AGREEMENT);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
}
kari = ri->d.kari;
reks = kari->recipientEncryptedKeys;
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
ec = ossl_cms_get0_env_enc_content(cms);
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
/* Initialise wrap algorithm parameters */
if (!cms_wrap_init(kari, ec->cipher))
return 0;
/*
GH601: Various spelling fixes. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-06 04:23:54 +08:00
* If no originator key set up initialise for ephemeral key the public key
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
* ASN1 structure will set the actual public key value.
*/
if (kari->originator->type == -1) {
CMS_OriginatorIdentifierOrKey *oik = kari->originator;
oik->type = CMS_OIK_PUBKEY;
oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);
if (!oik->d.originatorKey)
return 0;
Fix CMS encryption with key agreement when originator set OpenSSL currently does not support encryption with originator flag so it should fail nicely instead of segfaulting. Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26014) (cherry picked from commit 894e69e747a93a1f166891f5f029b78c68088f50)
2024-12-13 20:48:23 +08:00
} else {
/*
* Currently it is not possible to get public key as it is not stored
* during kari initialization.
*/
ERR_raise(ERR_LIB_CMS, CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT);
return 0;
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
}
/* Initialise KDF algorithm */
Fix external symbols for cms. Partial fix for #12964 This adds ossl_ names for symbols related to cms_* and ess_* Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14241)
2021-02-18 12:03:25 +08:00
if (!ossl_cms_env_asn1_ctrl(ri, 0))
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 0;
/* For each rek, derive KEK, encrypt CEK */
for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
unsigned char *enckey;
size_t enckeylen;
rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0)
return 0;
if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
kari, 1))
return 0;
ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
}
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 11:40:55 +08:00
CMS support for key agreeement recipient info. Add hooks to support key agreement recipient info type (KARI) using algorithm specific code in the relevant public key ASN1 method.
2013-07-17 21:36:39 +08:00
return 1;
}