1 /* $OpenBSD: pk7_asn1.c,v 1.17 2023/04/25 18:04:03 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5 /* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60
61 #include <openssl/asn1t.h>
62 #include <openssl/pkcs7.h>
63 #include <openssl/x509.h>
64
65 /* PKCS#7 ASN1 module */
66
67 /* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
68
69 static const ASN1_TEMPLATE p7default_tt = {
70 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
71 .tag = 0,
72 .offset = offsetof(PKCS7, d.other),
73 .field_name = "d.other",
74 .item = &ASN1_ANY_it,
75 };
76
77 static const ASN1_ADB_TABLE PKCS7_adbtbl[] = {
78 {
79 .value = NID_pkcs7_data,
80 .tt = {
81 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF,
82 .tag = 0,
83 .offset = offsetof(PKCS7, d.data),
84 .field_name = "d.data",
85 .item = &ASN1_OCTET_STRING_NDEF_it,
86 },
87
88 },
89 {
90 .value = NID_pkcs7_signed,
91 .tt = {
92 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF,
93 .tag = 0,
94 .offset = offsetof(PKCS7, d.sign),
95 .field_name = "d.sign",
96 .item = &PKCS7_SIGNED_it,
97 },
98
99 },
100 {
101 .value = NID_pkcs7_enveloped,
102 .tt = {
103 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF,
104 .tag = 0,
105 .offset = offsetof(PKCS7, d.enveloped),
106 .field_name = "d.enveloped",
107 .item = &PKCS7_ENVELOPE_it,
108 },
109
110 },
111 {
112 .value = NID_pkcs7_signedAndEnveloped,
113 .tt = {
114 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF,
115 .tag = 0,
116 .offset = offsetof(PKCS7, d.signed_and_enveloped),
117 .field_name = "d.signed_and_enveloped",
118 .item = &PKCS7_SIGN_ENVELOPE_it,
119 },
120
121 },
122 {
123 .value = NID_pkcs7_digest,
124 .tt = {
125 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF,
126 .tag = 0,
127 .offset = offsetof(PKCS7, d.digest),
128 .field_name = "d.digest",
129 .item = &PKCS7_DIGEST_it,
130 },
131
132 },
133 {
134 .value = NID_pkcs7_encrypted,
135 .tt = {
136 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF,
137 .tag = 0,
138 .offset = offsetof(PKCS7, d.encrypted),
139 .field_name = "d.encrypted",
140 .item = &PKCS7_ENCRYPT_it,
141 },
142
143 },
144 };
145
146 static const ASN1_ADB PKCS7_adb = {
147 .flags = 0,
148 .offset = offsetof(PKCS7, type),
149 .tbl = PKCS7_adbtbl,
150 .tblcount = sizeof(PKCS7_adbtbl) / sizeof(ASN1_ADB_TABLE),
151 .default_tt = &p7default_tt,
152 .null_tt = NULL,
153 };
154
155 /* PKCS#7 streaming support */
156 static int
pk7_cb(int operation,ASN1_VALUE ** pval,const ASN1_ITEM * it,void * exarg)157 pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
158 {
159 ASN1_STREAM_ARG *sarg = exarg;
160 PKCS7 **pp7 = (PKCS7 **)pval;
161
162 switch (operation) {
163 case ASN1_OP_STREAM_PRE:
164 if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
165 return 0;
166 /* FALLTHROUGH */
167
168 case ASN1_OP_DETACHED_PRE:
169 sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
170 if (!sarg->ndef_bio)
171 return 0;
172 break;
173
174 case ASN1_OP_STREAM_POST:
175 case ASN1_OP_DETACHED_POST:
176 if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
177 return 0;
178 break;
179 }
180 return 1;
181 }
182
183 static const ASN1_AUX PKCS7_aux = {
184 .app_data = NULL,
185 .flags = 0,
186 .ref_offset = 0,
187 .ref_lock = 0,
188 .asn1_cb = pk7_cb,
189 .enc_offset = 0,
190 };
191 static const ASN1_TEMPLATE PKCS7_seq_tt[] = {
192 {
193 .flags = 0,
194 .tag = 0,
195 .offset = offsetof(PKCS7, type),
196 .field_name = "type",
197 .item = &ASN1_OBJECT_it,
198 },
199 {
200 .flags = ASN1_TFLG_ADB_OID,
201 .tag = -1,
202 .offset = 0,
203 .field_name = "PKCS7",
204 .item = (const ASN1_ITEM *)&PKCS7_adb,
205 },
206 };
207
208 const ASN1_ITEM PKCS7_it = {
209 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
210 .utype = V_ASN1_SEQUENCE,
211 .templates = PKCS7_seq_tt,
212 .tcount = sizeof(PKCS7_seq_tt) / sizeof(ASN1_TEMPLATE),
213 .funcs = &PKCS7_aux,
214 .size = sizeof(PKCS7),
215 .sname = "PKCS7",
216 };
217
218
219 PKCS7 *
d2i_PKCS7(PKCS7 ** a,const unsigned char ** in,long len)220 d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len)
221 {
222 return (PKCS7 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
223 &PKCS7_it);
224 }
225 LCRYPTO_ALIAS(d2i_PKCS7);
226
227 int
i2d_PKCS7(PKCS7 * a,unsigned char ** out)228 i2d_PKCS7(PKCS7 *a, unsigned char **out)
229 {
230 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_it);
231 }
232 LCRYPTO_ALIAS(i2d_PKCS7);
233
234 PKCS7 *
PKCS7_new(void)235 PKCS7_new(void)
236 {
237 return (PKCS7 *)ASN1_item_new(&PKCS7_it);
238 }
239 LCRYPTO_ALIAS(PKCS7_new);
240
241 void
PKCS7_free(PKCS7 * a)242 PKCS7_free(PKCS7 *a)
243 {
244 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_it);
245 }
246 LCRYPTO_ALIAS(PKCS7_free);
247
248 PKCS7 *
PKCS7_dup(PKCS7 * x)249 PKCS7_dup(PKCS7 *x)
250 {
251 return ASN1_item_dup(&PKCS7_it, x);
252 }
253 LCRYPTO_ALIAS(PKCS7_dup);
254
255 static const ASN1_TEMPLATE PKCS7_SIGNED_seq_tt[] = {
256 {
257 .flags = 0,
258 .tag = 0,
259 .offset = offsetof(PKCS7_SIGNED, version),
260 .field_name = "version",
261 .item = &ASN1_INTEGER_it,
262 },
263 {
264 .flags = ASN1_TFLG_SET_OF,
265 .tag = 0,
266 .offset = offsetof(PKCS7_SIGNED, md_algs),
267 .field_name = "md_algs",
268 .item = &X509_ALGOR_it,
269 },
270 {
271 .flags = 0,
272 .tag = 0,
273 .offset = offsetof(PKCS7_SIGNED, contents),
274 .field_name = "contents",
275 .item = &PKCS7_it,
276 },
277 {
278 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
279 .tag = 0,
280 .offset = offsetof(PKCS7_SIGNED, cert),
281 .field_name = "cert",
282 .item = &X509_it,
283 },
284 {
285 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
286 .tag = 1,
287 .offset = offsetof(PKCS7_SIGNED, crl),
288 .field_name = "crl",
289 .item = &X509_CRL_it,
290 },
291 {
292 .flags = ASN1_TFLG_SET_OF,
293 .tag = 0,
294 .offset = offsetof(PKCS7_SIGNED, signer_info),
295 .field_name = "signer_info",
296 .item = &PKCS7_SIGNER_INFO_it,
297 },
298 };
299
300 const ASN1_ITEM PKCS7_SIGNED_it = {
301 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
302 .utype = V_ASN1_SEQUENCE,
303 .templates = PKCS7_SIGNED_seq_tt,
304 .tcount = sizeof(PKCS7_SIGNED_seq_tt) / sizeof(ASN1_TEMPLATE),
305 .funcs = NULL,
306 .size = sizeof(PKCS7_SIGNED),
307 .sname = "PKCS7_SIGNED",
308 };
309
310
311 PKCS7_SIGNED *
d2i_PKCS7_SIGNED(PKCS7_SIGNED ** a,const unsigned char ** in,long len)312 d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, const unsigned char **in, long len)
313 {
314 return (PKCS7_SIGNED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
315 &PKCS7_SIGNED_it);
316 }
317 LCRYPTO_ALIAS(d2i_PKCS7_SIGNED);
318
319 int
i2d_PKCS7_SIGNED(PKCS7_SIGNED * a,unsigned char ** out)320 i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **out)
321 {
322 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGNED_it);
323 }
324 LCRYPTO_ALIAS(i2d_PKCS7_SIGNED);
325
326 PKCS7_SIGNED *
PKCS7_SIGNED_new(void)327 PKCS7_SIGNED_new(void)
328 {
329 return (PKCS7_SIGNED *)ASN1_item_new(&PKCS7_SIGNED_it);
330 }
331 LCRYPTO_ALIAS(PKCS7_SIGNED_new);
332
333 void
PKCS7_SIGNED_free(PKCS7_SIGNED * a)334 PKCS7_SIGNED_free(PKCS7_SIGNED *a)
335 {
336 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGNED_it);
337 }
338 LCRYPTO_ALIAS(PKCS7_SIGNED_free);
339
340 /* Minor tweak to operation: free up EVP_PKEY */
341 static int
si_cb(int operation,ASN1_VALUE ** pval,const ASN1_ITEM * it,void * exarg)342 si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
343 {
344 if (operation == ASN1_OP_FREE_POST) {
345 PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
346 EVP_PKEY_free(si->pkey);
347 }
348 return 1;
349 }
350
351 static const ASN1_AUX PKCS7_SIGNER_INFO_aux = {
352 .app_data = NULL,
353 .flags = 0,
354 .ref_offset = 0,
355 .ref_lock = 0,
356 .asn1_cb = si_cb,
357 .enc_offset = 0,
358 };
359 static const ASN1_TEMPLATE PKCS7_SIGNER_INFO_seq_tt[] = {
360 {
361 .flags = 0,
362 .tag = 0,
363 .offset = offsetof(PKCS7_SIGNER_INFO, version),
364 .field_name = "version",
365 .item = &ASN1_INTEGER_it,
366 },
367 {
368 .flags = 0,
369 .tag = 0,
370 .offset = offsetof(PKCS7_SIGNER_INFO, issuer_and_serial),
371 .field_name = "issuer_and_serial",
372 .item = &PKCS7_ISSUER_AND_SERIAL_it,
373 },
374 {
375 .flags = 0,
376 .tag = 0,
377 .offset = offsetof(PKCS7_SIGNER_INFO, digest_alg),
378 .field_name = "digest_alg",
379 .item = &X509_ALGOR_it,
380 },
381 /* NB this should be a SET OF but we use a SEQUENCE OF so the
382 * original order * is retained when the structure is reencoded.
383 * Since the attributes are implicitly tagged this will not affect
384 * the encoding.
385 */
386 {
387 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
388 .tag = 0,
389 .offset = offsetof(PKCS7_SIGNER_INFO, auth_attr),
390 .field_name = "auth_attr",
391 .item = &X509_ATTRIBUTE_it,
392 },
393 {
394 .flags = 0,
395 .tag = 0,
396 .offset = offsetof(PKCS7_SIGNER_INFO, digest_enc_alg),
397 .field_name = "digest_enc_alg",
398 .item = &X509_ALGOR_it,
399 },
400 {
401 .flags = 0,
402 .tag = 0,
403 .offset = offsetof(PKCS7_SIGNER_INFO, enc_digest),
404 .field_name = "enc_digest",
405 .item = &ASN1_OCTET_STRING_it,
406 },
407 {
408 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
409 .tag = 1,
410 .offset = offsetof(PKCS7_SIGNER_INFO, unauth_attr),
411 .field_name = "unauth_attr",
412 .item = &X509_ATTRIBUTE_it,
413 },
414 };
415
416 const ASN1_ITEM PKCS7_SIGNER_INFO_it = {
417 .itype = ASN1_ITYPE_SEQUENCE,
418 .utype = V_ASN1_SEQUENCE,
419 .templates = PKCS7_SIGNER_INFO_seq_tt,
420 .tcount = sizeof(PKCS7_SIGNER_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
421 .funcs = &PKCS7_SIGNER_INFO_aux,
422 .size = sizeof(PKCS7_SIGNER_INFO),
423 .sname = "PKCS7_SIGNER_INFO",
424 };
425
426
427 PKCS7_SIGNER_INFO *
d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO ** a,const unsigned char ** in,long len)428 d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, const unsigned char **in, long len)
429 {
430 return (PKCS7_SIGNER_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
431 &PKCS7_SIGNER_INFO_it);
432 }
433 LCRYPTO_ALIAS(d2i_PKCS7_SIGNER_INFO);
434
435 int
i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO * a,unsigned char ** out)436 i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **out)
437 {
438 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGNER_INFO_it);
439 }
440 LCRYPTO_ALIAS(i2d_PKCS7_SIGNER_INFO);
441
442 PKCS7_SIGNER_INFO *
PKCS7_SIGNER_INFO_new(void)443 PKCS7_SIGNER_INFO_new(void)
444 {
445 return (PKCS7_SIGNER_INFO *)ASN1_item_new(&PKCS7_SIGNER_INFO_it);
446 }
447 LCRYPTO_ALIAS(PKCS7_SIGNER_INFO_new);
448
449 void
PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO * a)450 PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a)
451 {
452 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGNER_INFO_it);
453 }
454 LCRYPTO_ALIAS(PKCS7_SIGNER_INFO_free);
455
456 static const ASN1_TEMPLATE PKCS7_ISSUER_AND_SERIAL_seq_tt[] = {
457 {
458 .flags = 0,
459 .tag = 0,
460 .offset = offsetof(PKCS7_ISSUER_AND_SERIAL, issuer),
461 .field_name = "issuer",
462 .item = &X509_NAME_it,
463 },
464 {
465 .flags = 0,
466 .tag = 0,
467 .offset = offsetof(PKCS7_ISSUER_AND_SERIAL, serial),
468 .field_name = "serial",
469 .item = &ASN1_INTEGER_it,
470 },
471 };
472
473 const ASN1_ITEM PKCS7_ISSUER_AND_SERIAL_it = {
474 .itype = ASN1_ITYPE_SEQUENCE,
475 .utype = V_ASN1_SEQUENCE,
476 .templates = PKCS7_ISSUER_AND_SERIAL_seq_tt,
477 .tcount = sizeof(PKCS7_ISSUER_AND_SERIAL_seq_tt) / sizeof(ASN1_TEMPLATE),
478 .funcs = NULL,
479 .size = sizeof(PKCS7_ISSUER_AND_SERIAL),
480 .sname = "PKCS7_ISSUER_AND_SERIAL",
481 };
482
483
484 PKCS7_ISSUER_AND_SERIAL *
d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL ** a,const unsigned char ** in,long len)485 d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, const unsigned char **in, long len)
486 {
487 return (PKCS7_ISSUER_AND_SERIAL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
488 &PKCS7_ISSUER_AND_SERIAL_it);
489 }
490 LCRYPTO_ALIAS(d2i_PKCS7_ISSUER_AND_SERIAL);
491
492 int
i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL * a,unsigned char ** out)493 i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a, unsigned char **out)
494 {
495 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ISSUER_AND_SERIAL_it);
496 }
497 LCRYPTO_ALIAS(i2d_PKCS7_ISSUER_AND_SERIAL);
498
499 PKCS7_ISSUER_AND_SERIAL *
PKCS7_ISSUER_AND_SERIAL_new(void)500 PKCS7_ISSUER_AND_SERIAL_new(void)
501 {
502 return (PKCS7_ISSUER_AND_SERIAL *)ASN1_item_new(&PKCS7_ISSUER_AND_SERIAL_it);
503 }
504 LCRYPTO_ALIAS(PKCS7_ISSUER_AND_SERIAL_new);
505
506 void
PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL * a)507 PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a)
508 {
509 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ISSUER_AND_SERIAL_it);
510 }
511 LCRYPTO_ALIAS(PKCS7_ISSUER_AND_SERIAL_free);
512
513 static const ASN1_TEMPLATE PKCS7_ENVELOPE_seq_tt[] = {
514 {
515 .flags = 0,
516 .tag = 0,
517 .offset = offsetof(PKCS7_ENVELOPE, version),
518 .field_name = "version",
519 .item = &ASN1_INTEGER_it,
520 },
521 {
522 .flags = ASN1_TFLG_SET_OF,
523 .tag = 0,
524 .offset = offsetof(PKCS7_ENVELOPE, recipientinfo),
525 .field_name = "recipientinfo",
526 .item = &PKCS7_RECIP_INFO_it,
527 },
528 {
529 .flags = 0,
530 .tag = 0,
531 .offset = offsetof(PKCS7_ENVELOPE, enc_data),
532 .field_name = "enc_data",
533 .item = &PKCS7_ENC_CONTENT_it,
534 },
535 };
536
537 const ASN1_ITEM PKCS7_ENVELOPE_it = {
538 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
539 .utype = V_ASN1_SEQUENCE,
540 .templates = PKCS7_ENVELOPE_seq_tt,
541 .tcount = sizeof(PKCS7_ENVELOPE_seq_tt) / sizeof(ASN1_TEMPLATE),
542 .funcs = NULL,
543 .size = sizeof(PKCS7_ENVELOPE),
544 .sname = "PKCS7_ENVELOPE",
545 };
546
547
548 PKCS7_ENVELOPE *
d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE ** a,const unsigned char ** in,long len)549 d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, const unsigned char **in, long len)
550 {
551 return (PKCS7_ENVELOPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
552 &PKCS7_ENVELOPE_it);
553 }
554 LCRYPTO_ALIAS(d2i_PKCS7_ENVELOPE);
555
556 int
i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE * a,unsigned char ** out)557 i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **out)
558 {
559 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENVELOPE_it);
560 }
561 LCRYPTO_ALIAS(i2d_PKCS7_ENVELOPE);
562
563 PKCS7_ENVELOPE *
PKCS7_ENVELOPE_new(void)564 PKCS7_ENVELOPE_new(void)
565 {
566 return (PKCS7_ENVELOPE *)ASN1_item_new(&PKCS7_ENVELOPE_it);
567 }
568 LCRYPTO_ALIAS(PKCS7_ENVELOPE_new);
569
570 void
PKCS7_ENVELOPE_free(PKCS7_ENVELOPE * a)571 PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a)
572 {
573 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENVELOPE_it);
574 }
575 LCRYPTO_ALIAS(PKCS7_ENVELOPE_free);
576
577 /* Minor tweak to operation: free up X509 */
578 static int
ri_cb(int operation,ASN1_VALUE ** pval,const ASN1_ITEM * it,void * exarg)579 ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
580 {
581 if (operation == ASN1_OP_FREE_POST) {
582 PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
583 X509_free(ri->cert);
584 }
585 return 1;
586 }
587
588 static const ASN1_AUX PKCS7_RECIP_INFO_aux = {
589 .app_data = NULL,
590 .flags = 0,
591 .ref_offset = 0,
592 .ref_lock = 0,
593 .asn1_cb = ri_cb,
594 .enc_offset = 0,
595 };
596 static const ASN1_TEMPLATE PKCS7_RECIP_INFO_seq_tt[] = {
597 {
598 .flags = 0,
599 .tag = 0,
600 .offset = offsetof(PKCS7_RECIP_INFO, version),
601 .field_name = "version",
602 .item = &ASN1_INTEGER_it,
603 },
604 {
605 .flags = 0,
606 .tag = 0,
607 .offset = offsetof(PKCS7_RECIP_INFO, issuer_and_serial),
608 .field_name = "issuer_and_serial",
609 .item = &PKCS7_ISSUER_AND_SERIAL_it,
610 },
611 {
612 .flags = 0,
613 .tag = 0,
614 .offset = offsetof(PKCS7_RECIP_INFO, key_enc_algor),
615 .field_name = "key_enc_algor",
616 .item = &X509_ALGOR_it,
617 },
618 {
619 .flags = 0,
620 .tag = 0,
621 .offset = offsetof(PKCS7_RECIP_INFO, enc_key),
622 .field_name = "enc_key",
623 .item = &ASN1_OCTET_STRING_it,
624 },
625 };
626
627 const ASN1_ITEM PKCS7_RECIP_INFO_it = {
628 .itype = ASN1_ITYPE_SEQUENCE,
629 .utype = V_ASN1_SEQUENCE,
630 .templates = PKCS7_RECIP_INFO_seq_tt,
631 .tcount = sizeof(PKCS7_RECIP_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
632 .funcs = &PKCS7_RECIP_INFO_aux,
633 .size = sizeof(PKCS7_RECIP_INFO),
634 .sname = "PKCS7_RECIP_INFO",
635 };
636
637
638 PKCS7_RECIP_INFO *
d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO ** a,const unsigned char ** in,long len)639 d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, const unsigned char **in, long len)
640 {
641 return (PKCS7_RECIP_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
642 &PKCS7_RECIP_INFO_it);
643 }
644 LCRYPTO_ALIAS(d2i_PKCS7_RECIP_INFO);
645
646 int
i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO * a,unsigned char ** out)647 i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **out)
648 {
649 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_RECIP_INFO_it);
650 }
651 LCRYPTO_ALIAS(i2d_PKCS7_RECIP_INFO);
652
653 PKCS7_RECIP_INFO *
PKCS7_RECIP_INFO_new(void)654 PKCS7_RECIP_INFO_new(void)
655 {
656 return (PKCS7_RECIP_INFO *)ASN1_item_new(&PKCS7_RECIP_INFO_it);
657 }
658 LCRYPTO_ALIAS(PKCS7_RECIP_INFO_new);
659
660 void
PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO * a)661 PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a)
662 {
663 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_RECIP_INFO_it);
664 }
665 LCRYPTO_ALIAS(PKCS7_RECIP_INFO_free);
666
667 static const ASN1_TEMPLATE PKCS7_ENC_CONTENT_seq_tt[] = {
668 {
669 .flags = 0,
670 .tag = 0,
671 .offset = offsetof(PKCS7_ENC_CONTENT, content_type),
672 .field_name = "content_type",
673 .item = &ASN1_OBJECT_it,
674 },
675 {
676 .flags = 0,
677 .tag = 0,
678 .offset = offsetof(PKCS7_ENC_CONTENT, algorithm),
679 .field_name = "algorithm",
680 .item = &X509_ALGOR_it,
681 },
682 {
683 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
684 .tag = 0,
685 .offset = offsetof(PKCS7_ENC_CONTENT, enc_data),
686 .field_name = "enc_data",
687 .item = &ASN1_OCTET_STRING_NDEF_it,
688 },
689 };
690
691 const ASN1_ITEM PKCS7_ENC_CONTENT_it = {
692 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
693 .utype = V_ASN1_SEQUENCE,
694 .templates = PKCS7_ENC_CONTENT_seq_tt,
695 .tcount = sizeof(PKCS7_ENC_CONTENT_seq_tt) / sizeof(ASN1_TEMPLATE),
696 .funcs = NULL,
697 .size = sizeof(PKCS7_ENC_CONTENT),
698 .sname = "PKCS7_ENC_CONTENT",
699 };
700
701
702 PKCS7_ENC_CONTENT *
d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT ** a,const unsigned char ** in,long len)703 d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, const unsigned char **in, long len)
704 {
705 return (PKCS7_ENC_CONTENT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
706 &PKCS7_ENC_CONTENT_it);
707 }
708 LCRYPTO_ALIAS(d2i_PKCS7_ENC_CONTENT);
709
710 int
i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT * a,unsigned char ** out)711 i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **out)
712 {
713 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENC_CONTENT_it);
714 }
715 LCRYPTO_ALIAS(i2d_PKCS7_ENC_CONTENT);
716
717 PKCS7_ENC_CONTENT *
PKCS7_ENC_CONTENT_new(void)718 PKCS7_ENC_CONTENT_new(void)
719 {
720 return (PKCS7_ENC_CONTENT *)ASN1_item_new(&PKCS7_ENC_CONTENT_it);
721 }
722 LCRYPTO_ALIAS(PKCS7_ENC_CONTENT_new);
723
724 void
PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT * a)725 PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a)
726 {
727 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENC_CONTENT_it);
728 }
729 LCRYPTO_ALIAS(PKCS7_ENC_CONTENT_free);
730
731 static const ASN1_TEMPLATE PKCS7_SIGN_ENVELOPE_seq_tt[] = {
732 {
733 .flags = 0,
734 .tag = 0,
735 .offset = offsetof(PKCS7_SIGN_ENVELOPE, version),
736 .field_name = "version",
737 .item = &ASN1_INTEGER_it,
738 },
739 {
740 .flags = ASN1_TFLG_SET_OF,
741 .tag = 0,
742 .offset = offsetof(PKCS7_SIGN_ENVELOPE, recipientinfo),
743 .field_name = "recipientinfo",
744 .item = &PKCS7_RECIP_INFO_it,
745 },
746 {
747 .flags = ASN1_TFLG_SET_OF,
748 .tag = 0,
749 .offset = offsetof(PKCS7_SIGN_ENVELOPE, md_algs),
750 .field_name = "md_algs",
751 .item = &X509_ALGOR_it,
752 },
753 {
754 .flags = 0,
755 .tag = 0,
756 .offset = offsetof(PKCS7_SIGN_ENVELOPE, enc_data),
757 .field_name = "enc_data",
758 .item = &PKCS7_ENC_CONTENT_it,
759 },
760 {
761 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
762 .tag = 0,
763 .offset = offsetof(PKCS7_SIGN_ENVELOPE, cert),
764 .field_name = "cert",
765 .item = &X509_it,
766 },
767 {
768 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
769 .tag = 1,
770 .offset = offsetof(PKCS7_SIGN_ENVELOPE, crl),
771 .field_name = "crl",
772 .item = &X509_CRL_it,
773 },
774 {
775 .flags = ASN1_TFLG_SET_OF,
776 .tag = 0,
777 .offset = offsetof(PKCS7_SIGN_ENVELOPE, signer_info),
778 .field_name = "signer_info",
779 .item = &PKCS7_SIGNER_INFO_it,
780 },
781 };
782
783 const ASN1_ITEM PKCS7_SIGN_ENVELOPE_it = {
784 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
785 .utype = V_ASN1_SEQUENCE,
786 .templates = PKCS7_SIGN_ENVELOPE_seq_tt,
787 .tcount = sizeof(PKCS7_SIGN_ENVELOPE_seq_tt) / sizeof(ASN1_TEMPLATE),
788 .funcs = NULL,
789 .size = sizeof(PKCS7_SIGN_ENVELOPE),
790 .sname = "PKCS7_SIGN_ENVELOPE",
791 };
792
793
794 PKCS7_SIGN_ENVELOPE *
d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE ** a,const unsigned char ** in,long len)795 d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, const unsigned char **in, long len)
796 {
797 return (PKCS7_SIGN_ENVELOPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
798 &PKCS7_SIGN_ENVELOPE_it);
799 }
800 LCRYPTO_ALIAS(d2i_PKCS7_SIGN_ENVELOPE);
801
802 int
i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE * a,unsigned char ** out)803 i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **out)
804 {
805 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGN_ENVELOPE_it);
806 }
807 LCRYPTO_ALIAS(i2d_PKCS7_SIGN_ENVELOPE);
808
809 PKCS7_SIGN_ENVELOPE *
PKCS7_SIGN_ENVELOPE_new(void)810 PKCS7_SIGN_ENVELOPE_new(void)
811 {
812 return (PKCS7_SIGN_ENVELOPE *)ASN1_item_new(&PKCS7_SIGN_ENVELOPE_it);
813 }
814 LCRYPTO_ALIAS(PKCS7_SIGN_ENVELOPE_new);
815
816 void
PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE * a)817 PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a)
818 {
819 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGN_ENVELOPE_it);
820 }
821 LCRYPTO_ALIAS(PKCS7_SIGN_ENVELOPE_free);
822
823 static const ASN1_TEMPLATE PKCS7_ENCRYPT_seq_tt[] = {
824 {
825 .flags = 0,
826 .tag = 0,
827 .offset = offsetof(PKCS7_ENCRYPT, version),
828 .field_name = "version",
829 .item = &ASN1_INTEGER_it,
830 },
831 {
832 .flags = 0,
833 .tag = 0,
834 .offset = offsetof(PKCS7_ENCRYPT, enc_data),
835 .field_name = "enc_data",
836 .item = &PKCS7_ENC_CONTENT_it,
837 },
838 };
839
840 const ASN1_ITEM PKCS7_ENCRYPT_it = {
841 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
842 .utype = V_ASN1_SEQUENCE,
843 .templates = PKCS7_ENCRYPT_seq_tt,
844 .tcount = sizeof(PKCS7_ENCRYPT_seq_tt) / sizeof(ASN1_TEMPLATE),
845 .funcs = NULL,
846 .size = sizeof(PKCS7_ENCRYPT),
847 .sname = "PKCS7_ENCRYPT",
848 };
849
850
851 PKCS7_ENCRYPT *
d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT ** a,const unsigned char ** in,long len)852 d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, const unsigned char **in, long len)
853 {
854 return (PKCS7_ENCRYPT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
855 &PKCS7_ENCRYPT_it);
856 }
857 LCRYPTO_ALIAS(d2i_PKCS7_ENCRYPT);
858
859 int
i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT * a,unsigned char ** out)860 i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **out)
861 {
862 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENCRYPT_it);
863 }
864 LCRYPTO_ALIAS(i2d_PKCS7_ENCRYPT);
865
866 PKCS7_ENCRYPT *
PKCS7_ENCRYPT_new(void)867 PKCS7_ENCRYPT_new(void)
868 {
869 return (PKCS7_ENCRYPT *)ASN1_item_new(&PKCS7_ENCRYPT_it);
870 }
871 LCRYPTO_ALIAS(PKCS7_ENCRYPT_new);
872
873 void
PKCS7_ENCRYPT_free(PKCS7_ENCRYPT * a)874 PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a)
875 {
876 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENCRYPT_it);
877 }
878 LCRYPTO_ALIAS(PKCS7_ENCRYPT_free);
879
880 static const ASN1_TEMPLATE PKCS7_DIGEST_seq_tt[] = {
881 {
882 .flags = 0,
883 .tag = 0,
884 .offset = offsetof(PKCS7_DIGEST, version),
885 .field_name = "version",
886 .item = &ASN1_INTEGER_it,
887 },
888 {
889 .flags = 0,
890 .tag = 0,
891 .offset = offsetof(PKCS7_DIGEST, md),
892 .field_name = "md",
893 .item = &X509_ALGOR_it,
894 },
895 {
896 .flags = 0,
897 .tag = 0,
898 .offset = offsetof(PKCS7_DIGEST, contents),
899 .field_name = "contents",
900 .item = &PKCS7_it,
901 },
902 {
903 .flags = 0,
904 .tag = 0,
905 .offset = offsetof(PKCS7_DIGEST, digest),
906 .field_name = "digest",
907 .item = &ASN1_OCTET_STRING_it,
908 },
909 };
910
911 const ASN1_ITEM PKCS7_DIGEST_it = {
912 .itype = ASN1_ITYPE_NDEF_SEQUENCE,
913 .utype = V_ASN1_SEQUENCE,
914 .templates = PKCS7_DIGEST_seq_tt,
915 .tcount = sizeof(PKCS7_DIGEST_seq_tt) / sizeof(ASN1_TEMPLATE),
916 .funcs = NULL,
917 .size = sizeof(PKCS7_DIGEST),
918 .sname = "PKCS7_DIGEST",
919 };
920
921
922 PKCS7_DIGEST *
d2i_PKCS7_DIGEST(PKCS7_DIGEST ** a,const unsigned char ** in,long len)923 d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, const unsigned char **in, long len)
924 {
925 return (PKCS7_DIGEST *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
926 &PKCS7_DIGEST_it);
927 }
928 LCRYPTO_ALIAS(d2i_PKCS7_DIGEST);
929
930 int
i2d_PKCS7_DIGEST(PKCS7_DIGEST * a,unsigned char ** out)931 i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **out)
932 {
933 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_DIGEST_it);
934 }
935 LCRYPTO_ALIAS(i2d_PKCS7_DIGEST);
936
937 PKCS7_DIGEST *
PKCS7_DIGEST_new(void)938 PKCS7_DIGEST_new(void)
939 {
940 return (PKCS7_DIGEST *)ASN1_item_new(&PKCS7_DIGEST_it);
941 }
942 LCRYPTO_ALIAS(PKCS7_DIGEST_new);
943
944 void
PKCS7_DIGEST_free(PKCS7_DIGEST * a)945 PKCS7_DIGEST_free(PKCS7_DIGEST *a)
946 {
947 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_DIGEST_it);
948 }
949 LCRYPTO_ALIAS(PKCS7_DIGEST_free);
950
951 /* Specials for authenticated attributes */
952
953 /* When signing attributes we want to reorder them to match the sorted
954 * encoding.
955 */
956
957 static const ASN1_TEMPLATE PKCS7_ATTR_SIGN_item_tt = {
958 .flags = ASN1_TFLG_SET_ORDER,
959 .tag = 0,
960 .offset = 0,
961 .field_name = "PKCS7_ATTRIBUTES",
962 .item = &X509_ATTRIBUTE_it,
963 };
964
965 const ASN1_ITEM PKCS7_ATTR_SIGN_it = {
966 .itype = ASN1_ITYPE_PRIMITIVE,
967 .utype = -1,
968 .templates = &PKCS7_ATTR_SIGN_item_tt,
969 .tcount = 0,
970 .funcs = NULL,
971 .size = 0,
972 .sname = "PKCS7_ATTR_SIGN",
973 };
974
975 /* When verifying attributes we need to use the received order. So
976 * we use SEQUENCE OF and tag it to SET OF
977 */
978
979 static const ASN1_TEMPLATE PKCS7_ATTR_VERIFY_item_tt = {
980 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
981 .tag = V_ASN1_SET,
982 .offset = 0,
983 .field_name = "PKCS7_ATTRIBUTES",
984 .item = &X509_ATTRIBUTE_it,
985 };
986
987 const ASN1_ITEM PKCS7_ATTR_VERIFY_it = {
988 .itype = ASN1_ITYPE_PRIMITIVE,
989 .utype = -1,
990 .templates = &PKCS7_ATTR_VERIFY_item_tt,
991 .tcount = 0,
992 .funcs = NULL,
993 .size = 0,
994 .sname = "PKCS7_ATTR_VERIFY",
995 };
996
997
998 int
PKCS7_print_ctx(BIO * out,PKCS7 * x,int indent,const ASN1_PCTX * pctx)999 PKCS7_print_ctx(BIO *out, PKCS7 *x, int indent, const ASN1_PCTX *pctx)
1000 {
1001 return ASN1_item_print(out, (ASN1_VALUE *)x, indent,
1002 &PKCS7_it, pctx);
1003 }
1004 LCRYPTO_ALIAS(PKCS7_print_ctx);
1005
1006 PKCS7 *
d2i_PKCS7_bio(BIO * bp,PKCS7 ** p7)1007 d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
1008 {
1009 return ASN1_item_d2i_bio(&PKCS7_it, bp, p7);
1010 }
1011 LCRYPTO_ALIAS(d2i_PKCS7_bio);
1012
1013 int
i2d_PKCS7_bio(BIO * bp,PKCS7 * p7)1014 i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
1015 {
1016 return ASN1_item_i2d_bio(&PKCS7_it, bp, p7);
1017 }
1018 LCRYPTO_ALIAS(i2d_PKCS7_bio);
1019
1020 PKCS7 *
d2i_PKCS7_fp(FILE * fp,PKCS7 ** p7)1021 d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
1022 {
1023 return ASN1_item_d2i_fp(&PKCS7_it, fp, p7);
1024 }
1025 LCRYPTO_ALIAS(d2i_PKCS7_fp);
1026
1027 int
i2d_PKCS7_fp(FILE * fp,PKCS7 * p7)1028 i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
1029 {
1030 return ASN1_item_i2d_fp(&PKCS7_it, fp, p7);
1031 }
1032 LCRYPTO_ALIAS(i2d_PKCS7_fp);
1033
1034 int
PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL * data,const EVP_MD * type,unsigned char * md,unsigned int * len)1035 PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
1036 const EVP_MD *type, unsigned char *md, unsigned int *len)
1037 {
1038 return(ASN1_item_digest(&PKCS7_ISSUER_AND_SERIAL_it, type,
1039 (char *)data, md, len));
1040 }
1041 LCRYPTO_ALIAS(PKCS7_ISSUER_AND_SERIAL_digest);
1042