1 /* $OpenBSD: pk7_asn1.c,v 1.17 2023/04/25 18:04:03 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2000. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/asn1t.h> 62 #include <openssl/pkcs7.h> 63 #include <openssl/x509.h> 64 65 /* PKCS#7 ASN1 module */ 66 67 /* This is the ANY DEFINED BY table for the top level PKCS#7 structure */ 68 69 static const ASN1_TEMPLATE p7default_tt = { 70 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL, 71 .tag = 0, 72 .offset = offsetof(PKCS7, d.other), 73 .field_name = "d.other", 74 .item = &ASN1_ANY_it, 75 }; 76 77 static const ASN1_ADB_TABLE PKCS7_adbtbl[] = { 78 { 79 .value = NID_pkcs7_data, 80 .tt = { 81 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, 82 .tag = 0, 83 .offset = offsetof(PKCS7, d.data), 84 .field_name = "d.data", 85 .item = &ASN1_OCTET_STRING_NDEF_it, 86 }, 87 88 }, 89 { 90 .value = NID_pkcs7_signed, 91 .tt = { 92 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, 93 .tag = 0, 94 .offset = offsetof(PKCS7, d.sign), 95 .field_name = "d.sign", 96 .item = &PKCS7_SIGNED_it, 97 }, 98 99 }, 100 { 101 .value = NID_pkcs7_enveloped, 102 .tt = { 103 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, 104 .tag = 0, 105 .offset = offsetof(PKCS7, d.enveloped), 106 .field_name = "d.enveloped", 107 .item = &PKCS7_ENVELOPE_it, 108 }, 109 110 }, 111 { 112 .value = NID_pkcs7_signedAndEnveloped, 113 .tt = { 114 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, 115 .tag = 0, 116 .offset = offsetof(PKCS7, d.signed_and_enveloped), 117 .field_name = "d.signed_and_enveloped", 118 .item = &PKCS7_SIGN_ENVELOPE_it, 119 }, 120 121 }, 122 { 123 .value = NID_pkcs7_digest, 124 .tt = { 125 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, 126 .tag = 0, 127 .offset = offsetof(PKCS7, d.digest), 128 .field_name = "d.digest", 129 .item = &PKCS7_DIGEST_it, 130 }, 131 132 }, 133 { 134 .value = NID_pkcs7_encrypted, 135 .tt = { 136 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL | ASN1_TFLG_NDEF, 137 .tag = 0, 138 .offset = offsetof(PKCS7, d.encrypted), 139 .field_name = "d.encrypted", 140 .item = &PKCS7_ENCRYPT_it, 141 }, 142 143 }, 144 }; 145 146 static const ASN1_ADB PKCS7_adb = { 147 .flags = 0, 148 .offset = offsetof(PKCS7, type), 149 .tbl = PKCS7_adbtbl, 150 .tblcount = sizeof(PKCS7_adbtbl) / sizeof(ASN1_ADB_TABLE), 151 .default_tt = &p7default_tt, 152 .null_tt = NULL, 153 }; 154 155 /* PKCS#7 streaming support */ 156 static int 157 pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 158 { 159 ASN1_STREAM_ARG *sarg = exarg; 160 PKCS7 **pp7 = (PKCS7 **)pval; 161 162 switch (operation) { 163 case ASN1_OP_STREAM_PRE: 164 if (PKCS7_stream(&sarg->boundary, *pp7) <= 0) 165 return 0; 166 /* FALLTHROUGH */ 167 168 case ASN1_OP_DETACHED_PRE: 169 sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out); 170 if (!sarg->ndef_bio) 171 return 0; 172 break; 173 174 case ASN1_OP_STREAM_POST: 175 case ASN1_OP_DETACHED_POST: 176 if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0) 177 return 0; 178 break; 179 } 180 return 1; 181 } 182 183 static const ASN1_AUX PKCS7_aux = { 184 .app_data = NULL, 185 .flags = 0, 186 .ref_offset = 0, 187 .ref_lock = 0, 188 .asn1_cb = pk7_cb, 189 .enc_offset = 0, 190 }; 191 static const ASN1_TEMPLATE PKCS7_seq_tt[] = { 192 { 193 .flags = 0, 194 .tag = 0, 195 .offset = offsetof(PKCS7, type), 196 .field_name = "type", 197 .item = &ASN1_OBJECT_it, 198 }, 199 { 200 .flags = ASN1_TFLG_ADB_OID, 201 .tag = -1, 202 .offset = 0, 203 .field_name = "PKCS7", 204 .item = (const ASN1_ITEM *)&PKCS7_adb, 205 }, 206 }; 207 208 const ASN1_ITEM PKCS7_it = { 209 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 210 .utype = V_ASN1_SEQUENCE, 211 .templates = PKCS7_seq_tt, 212 .tcount = sizeof(PKCS7_seq_tt) / sizeof(ASN1_TEMPLATE), 213 .funcs = &PKCS7_aux, 214 .size = sizeof(PKCS7), 215 .sname = "PKCS7", 216 }; 217 218 219 PKCS7 * 220 d2i_PKCS7(PKCS7 **a, const unsigned char **in, long len) 221 { 222 return (PKCS7 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 223 &PKCS7_it); 224 } 225 LCRYPTO_ALIAS(d2i_PKCS7); 226 227 int 228 i2d_PKCS7(PKCS7 *a, unsigned char **out) 229 { 230 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_it); 231 } 232 LCRYPTO_ALIAS(i2d_PKCS7); 233 234 PKCS7 * 235 PKCS7_new(void) 236 { 237 return (PKCS7 *)ASN1_item_new(&PKCS7_it); 238 } 239 LCRYPTO_ALIAS(PKCS7_new); 240 241 void 242 PKCS7_free(PKCS7 *a) 243 { 244 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_it); 245 } 246 LCRYPTO_ALIAS(PKCS7_free); 247 248 PKCS7 * 249 PKCS7_dup(PKCS7 *x) 250 { 251 return ASN1_item_dup(&PKCS7_it, x); 252 } 253 LCRYPTO_ALIAS(PKCS7_dup); 254 255 static const ASN1_TEMPLATE PKCS7_SIGNED_seq_tt[] = { 256 { 257 .flags = 0, 258 .tag = 0, 259 .offset = offsetof(PKCS7_SIGNED, version), 260 .field_name = "version", 261 .item = &ASN1_INTEGER_it, 262 }, 263 { 264 .flags = ASN1_TFLG_SET_OF, 265 .tag = 0, 266 .offset = offsetof(PKCS7_SIGNED, md_algs), 267 .field_name = "md_algs", 268 .item = &X509_ALGOR_it, 269 }, 270 { 271 .flags = 0, 272 .tag = 0, 273 .offset = offsetof(PKCS7_SIGNED, contents), 274 .field_name = "contents", 275 .item = &PKCS7_it, 276 }, 277 { 278 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 279 .tag = 0, 280 .offset = offsetof(PKCS7_SIGNED, cert), 281 .field_name = "cert", 282 .item = &X509_it, 283 }, 284 { 285 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 286 .tag = 1, 287 .offset = offsetof(PKCS7_SIGNED, crl), 288 .field_name = "crl", 289 .item = &X509_CRL_it, 290 }, 291 { 292 .flags = ASN1_TFLG_SET_OF, 293 .tag = 0, 294 .offset = offsetof(PKCS7_SIGNED, signer_info), 295 .field_name = "signer_info", 296 .item = &PKCS7_SIGNER_INFO_it, 297 }, 298 }; 299 300 const ASN1_ITEM PKCS7_SIGNED_it = { 301 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 302 .utype = V_ASN1_SEQUENCE, 303 .templates = PKCS7_SIGNED_seq_tt, 304 .tcount = sizeof(PKCS7_SIGNED_seq_tt) / sizeof(ASN1_TEMPLATE), 305 .funcs = NULL, 306 .size = sizeof(PKCS7_SIGNED), 307 .sname = "PKCS7_SIGNED", 308 }; 309 310 311 PKCS7_SIGNED * 312 d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, const unsigned char **in, long len) 313 { 314 return (PKCS7_SIGNED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 315 &PKCS7_SIGNED_it); 316 } 317 LCRYPTO_ALIAS(d2i_PKCS7_SIGNED); 318 319 int 320 i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, unsigned char **out) 321 { 322 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGNED_it); 323 } 324 LCRYPTO_ALIAS(i2d_PKCS7_SIGNED); 325 326 PKCS7_SIGNED * 327 PKCS7_SIGNED_new(void) 328 { 329 return (PKCS7_SIGNED *)ASN1_item_new(&PKCS7_SIGNED_it); 330 } 331 LCRYPTO_ALIAS(PKCS7_SIGNED_new); 332 333 void 334 PKCS7_SIGNED_free(PKCS7_SIGNED *a) 335 { 336 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGNED_it); 337 } 338 LCRYPTO_ALIAS(PKCS7_SIGNED_free); 339 340 /* Minor tweak to operation: free up EVP_PKEY */ 341 static int 342 si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 343 { 344 if (operation == ASN1_OP_FREE_POST) { 345 PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval; 346 EVP_PKEY_free(si->pkey); 347 } 348 return 1; 349 } 350 351 static const ASN1_AUX PKCS7_SIGNER_INFO_aux = { 352 .app_data = NULL, 353 .flags = 0, 354 .ref_offset = 0, 355 .ref_lock = 0, 356 .asn1_cb = si_cb, 357 .enc_offset = 0, 358 }; 359 static const ASN1_TEMPLATE PKCS7_SIGNER_INFO_seq_tt[] = { 360 { 361 .flags = 0, 362 .tag = 0, 363 .offset = offsetof(PKCS7_SIGNER_INFO, version), 364 .field_name = "version", 365 .item = &ASN1_INTEGER_it, 366 }, 367 { 368 .flags = 0, 369 .tag = 0, 370 .offset = offsetof(PKCS7_SIGNER_INFO, issuer_and_serial), 371 .field_name = "issuer_and_serial", 372 .item = &PKCS7_ISSUER_AND_SERIAL_it, 373 }, 374 { 375 .flags = 0, 376 .tag = 0, 377 .offset = offsetof(PKCS7_SIGNER_INFO, digest_alg), 378 .field_name = "digest_alg", 379 .item = &X509_ALGOR_it, 380 }, 381 /* NB this should be a SET OF but we use a SEQUENCE OF so the 382 * original order * is retained when the structure is reencoded. 383 * Since the attributes are implicitly tagged this will not affect 384 * the encoding. 385 */ 386 { 387 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL, 388 .tag = 0, 389 .offset = offsetof(PKCS7_SIGNER_INFO, auth_attr), 390 .field_name = "auth_attr", 391 .item = &X509_ATTRIBUTE_it, 392 }, 393 { 394 .flags = 0, 395 .tag = 0, 396 .offset = offsetof(PKCS7_SIGNER_INFO, digest_enc_alg), 397 .field_name = "digest_enc_alg", 398 .item = &X509_ALGOR_it, 399 }, 400 { 401 .flags = 0, 402 .tag = 0, 403 .offset = offsetof(PKCS7_SIGNER_INFO, enc_digest), 404 .field_name = "enc_digest", 405 .item = &ASN1_OCTET_STRING_it, 406 }, 407 { 408 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 409 .tag = 1, 410 .offset = offsetof(PKCS7_SIGNER_INFO, unauth_attr), 411 .field_name = "unauth_attr", 412 .item = &X509_ATTRIBUTE_it, 413 }, 414 }; 415 416 const ASN1_ITEM PKCS7_SIGNER_INFO_it = { 417 .itype = ASN1_ITYPE_SEQUENCE, 418 .utype = V_ASN1_SEQUENCE, 419 .templates = PKCS7_SIGNER_INFO_seq_tt, 420 .tcount = sizeof(PKCS7_SIGNER_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), 421 .funcs = &PKCS7_SIGNER_INFO_aux, 422 .size = sizeof(PKCS7_SIGNER_INFO), 423 .sname = "PKCS7_SIGNER_INFO", 424 }; 425 426 427 PKCS7_SIGNER_INFO * 428 d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, const unsigned char **in, long len) 429 { 430 return (PKCS7_SIGNER_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 431 &PKCS7_SIGNER_INFO_it); 432 } 433 LCRYPTO_ALIAS(d2i_PKCS7_SIGNER_INFO); 434 435 int 436 i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, unsigned char **out) 437 { 438 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGNER_INFO_it); 439 } 440 LCRYPTO_ALIAS(i2d_PKCS7_SIGNER_INFO); 441 442 PKCS7_SIGNER_INFO * 443 PKCS7_SIGNER_INFO_new(void) 444 { 445 return (PKCS7_SIGNER_INFO *)ASN1_item_new(&PKCS7_SIGNER_INFO_it); 446 } 447 LCRYPTO_ALIAS(PKCS7_SIGNER_INFO_new); 448 449 void 450 PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a) 451 { 452 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGNER_INFO_it); 453 } 454 LCRYPTO_ALIAS(PKCS7_SIGNER_INFO_free); 455 456 static const ASN1_TEMPLATE PKCS7_ISSUER_AND_SERIAL_seq_tt[] = { 457 { 458 .flags = 0, 459 .tag = 0, 460 .offset = offsetof(PKCS7_ISSUER_AND_SERIAL, issuer), 461 .field_name = "issuer", 462 .item = &X509_NAME_it, 463 }, 464 { 465 .flags = 0, 466 .tag = 0, 467 .offset = offsetof(PKCS7_ISSUER_AND_SERIAL, serial), 468 .field_name = "serial", 469 .item = &ASN1_INTEGER_it, 470 }, 471 }; 472 473 const ASN1_ITEM PKCS7_ISSUER_AND_SERIAL_it = { 474 .itype = ASN1_ITYPE_SEQUENCE, 475 .utype = V_ASN1_SEQUENCE, 476 .templates = PKCS7_ISSUER_AND_SERIAL_seq_tt, 477 .tcount = sizeof(PKCS7_ISSUER_AND_SERIAL_seq_tt) / sizeof(ASN1_TEMPLATE), 478 .funcs = NULL, 479 .size = sizeof(PKCS7_ISSUER_AND_SERIAL), 480 .sname = "PKCS7_ISSUER_AND_SERIAL", 481 }; 482 483 484 PKCS7_ISSUER_AND_SERIAL * 485 d2i_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL **a, const unsigned char **in, long len) 486 { 487 return (PKCS7_ISSUER_AND_SERIAL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 488 &PKCS7_ISSUER_AND_SERIAL_it); 489 } 490 LCRYPTO_ALIAS(d2i_PKCS7_ISSUER_AND_SERIAL); 491 492 int 493 i2d_PKCS7_ISSUER_AND_SERIAL(PKCS7_ISSUER_AND_SERIAL *a, unsigned char **out) 494 { 495 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ISSUER_AND_SERIAL_it); 496 } 497 LCRYPTO_ALIAS(i2d_PKCS7_ISSUER_AND_SERIAL); 498 499 PKCS7_ISSUER_AND_SERIAL * 500 PKCS7_ISSUER_AND_SERIAL_new(void) 501 { 502 return (PKCS7_ISSUER_AND_SERIAL *)ASN1_item_new(&PKCS7_ISSUER_AND_SERIAL_it); 503 } 504 LCRYPTO_ALIAS(PKCS7_ISSUER_AND_SERIAL_new); 505 506 void 507 PKCS7_ISSUER_AND_SERIAL_free(PKCS7_ISSUER_AND_SERIAL *a) 508 { 509 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ISSUER_AND_SERIAL_it); 510 } 511 LCRYPTO_ALIAS(PKCS7_ISSUER_AND_SERIAL_free); 512 513 static const ASN1_TEMPLATE PKCS7_ENVELOPE_seq_tt[] = { 514 { 515 .flags = 0, 516 .tag = 0, 517 .offset = offsetof(PKCS7_ENVELOPE, version), 518 .field_name = "version", 519 .item = &ASN1_INTEGER_it, 520 }, 521 { 522 .flags = ASN1_TFLG_SET_OF, 523 .tag = 0, 524 .offset = offsetof(PKCS7_ENVELOPE, recipientinfo), 525 .field_name = "recipientinfo", 526 .item = &PKCS7_RECIP_INFO_it, 527 }, 528 { 529 .flags = 0, 530 .tag = 0, 531 .offset = offsetof(PKCS7_ENVELOPE, enc_data), 532 .field_name = "enc_data", 533 .item = &PKCS7_ENC_CONTENT_it, 534 }, 535 }; 536 537 const ASN1_ITEM PKCS7_ENVELOPE_it = { 538 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 539 .utype = V_ASN1_SEQUENCE, 540 .templates = PKCS7_ENVELOPE_seq_tt, 541 .tcount = sizeof(PKCS7_ENVELOPE_seq_tt) / sizeof(ASN1_TEMPLATE), 542 .funcs = NULL, 543 .size = sizeof(PKCS7_ENVELOPE), 544 .sname = "PKCS7_ENVELOPE", 545 }; 546 547 548 PKCS7_ENVELOPE * 549 d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, const unsigned char **in, long len) 550 { 551 return (PKCS7_ENVELOPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 552 &PKCS7_ENVELOPE_it); 553 } 554 LCRYPTO_ALIAS(d2i_PKCS7_ENVELOPE); 555 556 int 557 i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, unsigned char **out) 558 { 559 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENVELOPE_it); 560 } 561 LCRYPTO_ALIAS(i2d_PKCS7_ENVELOPE); 562 563 PKCS7_ENVELOPE * 564 PKCS7_ENVELOPE_new(void) 565 { 566 return (PKCS7_ENVELOPE *)ASN1_item_new(&PKCS7_ENVELOPE_it); 567 } 568 LCRYPTO_ALIAS(PKCS7_ENVELOPE_new); 569 570 void 571 PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a) 572 { 573 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENVELOPE_it); 574 } 575 LCRYPTO_ALIAS(PKCS7_ENVELOPE_free); 576 577 /* Minor tweak to operation: free up X509 */ 578 static int 579 ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) 580 { 581 if (operation == ASN1_OP_FREE_POST) { 582 PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval; 583 X509_free(ri->cert); 584 } 585 return 1; 586 } 587 588 static const ASN1_AUX PKCS7_RECIP_INFO_aux = { 589 .app_data = NULL, 590 .flags = 0, 591 .ref_offset = 0, 592 .ref_lock = 0, 593 .asn1_cb = ri_cb, 594 .enc_offset = 0, 595 }; 596 static const ASN1_TEMPLATE PKCS7_RECIP_INFO_seq_tt[] = { 597 { 598 .flags = 0, 599 .tag = 0, 600 .offset = offsetof(PKCS7_RECIP_INFO, version), 601 .field_name = "version", 602 .item = &ASN1_INTEGER_it, 603 }, 604 { 605 .flags = 0, 606 .tag = 0, 607 .offset = offsetof(PKCS7_RECIP_INFO, issuer_and_serial), 608 .field_name = "issuer_and_serial", 609 .item = &PKCS7_ISSUER_AND_SERIAL_it, 610 }, 611 { 612 .flags = 0, 613 .tag = 0, 614 .offset = offsetof(PKCS7_RECIP_INFO, key_enc_algor), 615 .field_name = "key_enc_algor", 616 .item = &X509_ALGOR_it, 617 }, 618 { 619 .flags = 0, 620 .tag = 0, 621 .offset = offsetof(PKCS7_RECIP_INFO, enc_key), 622 .field_name = "enc_key", 623 .item = &ASN1_OCTET_STRING_it, 624 }, 625 }; 626 627 const ASN1_ITEM PKCS7_RECIP_INFO_it = { 628 .itype = ASN1_ITYPE_SEQUENCE, 629 .utype = V_ASN1_SEQUENCE, 630 .templates = PKCS7_RECIP_INFO_seq_tt, 631 .tcount = sizeof(PKCS7_RECIP_INFO_seq_tt) / sizeof(ASN1_TEMPLATE), 632 .funcs = &PKCS7_RECIP_INFO_aux, 633 .size = sizeof(PKCS7_RECIP_INFO), 634 .sname = "PKCS7_RECIP_INFO", 635 }; 636 637 638 PKCS7_RECIP_INFO * 639 d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, const unsigned char **in, long len) 640 { 641 return (PKCS7_RECIP_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 642 &PKCS7_RECIP_INFO_it); 643 } 644 LCRYPTO_ALIAS(d2i_PKCS7_RECIP_INFO); 645 646 int 647 i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, unsigned char **out) 648 { 649 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_RECIP_INFO_it); 650 } 651 LCRYPTO_ALIAS(i2d_PKCS7_RECIP_INFO); 652 653 PKCS7_RECIP_INFO * 654 PKCS7_RECIP_INFO_new(void) 655 { 656 return (PKCS7_RECIP_INFO *)ASN1_item_new(&PKCS7_RECIP_INFO_it); 657 } 658 LCRYPTO_ALIAS(PKCS7_RECIP_INFO_new); 659 660 void 661 PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a) 662 { 663 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_RECIP_INFO_it); 664 } 665 LCRYPTO_ALIAS(PKCS7_RECIP_INFO_free); 666 667 static const ASN1_TEMPLATE PKCS7_ENC_CONTENT_seq_tt[] = { 668 { 669 .flags = 0, 670 .tag = 0, 671 .offset = offsetof(PKCS7_ENC_CONTENT, content_type), 672 .field_name = "content_type", 673 .item = &ASN1_OBJECT_it, 674 }, 675 { 676 .flags = 0, 677 .tag = 0, 678 .offset = offsetof(PKCS7_ENC_CONTENT, algorithm), 679 .field_name = "algorithm", 680 .item = &X509_ALGOR_it, 681 }, 682 { 683 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL, 684 .tag = 0, 685 .offset = offsetof(PKCS7_ENC_CONTENT, enc_data), 686 .field_name = "enc_data", 687 .item = &ASN1_OCTET_STRING_NDEF_it, 688 }, 689 }; 690 691 const ASN1_ITEM PKCS7_ENC_CONTENT_it = { 692 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 693 .utype = V_ASN1_SEQUENCE, 694 .templates = PKCS7_ENC_CONTENT_seq_tt, 695 .tcount = sizeof(PKCS7_ENC_CONTENT_seq_tt) / sizeof(ASN1_TEMPLATE), 696 .funcs = NULL, 697 .size = sizeof(PKCS7_ENC_CONTENT), 698 .sname = "PKCS7_ENC_CONTENT", 699 }; 700 701 702 PKCS7_ENC_CONTENT * 703 d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, const unsigned char **in, long len) 704 { 705 return (PKCS7_ENC_CONTENT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 706 &PKCS7_ENC_CONTENT_it); 707 } 708 LCRYPTO_ALIAS(d2i_PKCS7_ENC_CONTENT); 709 710 int 711 i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, unsigned char **out) 712 { 713 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENC_CONTENT_it); 714 } 715 LCRYPTO_ALIAS(i2d_PKCS7_ENC_CONTENT); 716 717 PKCS7_ENC_CONTENT * 718 PKCS7_ENC_CONTENT_new(void) 719 { 720 return (PKCS7_ENC_CONTENT *)ASN1_item_new(&PKCS7_ENC_CONTENT_it); 721 } 722 LCRYPTO_ALIAS(PKCS7_ENC_CONTENT_new); 723 724 void 725 PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a) 726 { 727 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENC_CONTENT_it); 728 } 729 LCRYPTO_ALIAS(PKCS7_ENC_CONTENT_free); 730 731 static const ASN1_TEMPLATE PKCS7_SIGN_ENVELOPE_seq_tt[] = { 732 { 733 .flags = 0, 734 .tag = 0, 735 .offset = offsetof(PKCS7_SIGN_ENVELOPE, version), 736 .field_name = "version", 737 .item = &ASN1_INTEGER_it, 738 }, 739 { 740 .flags = ASN1_TFLG_SET_OF, 741 .tag = 0, 742 .offset = offsetof(PKCS7_SIGN_ENVELOPE, recipientinfo), 743 .field_name = "recipientinfo", 744 .item = &PKCS7_RECIP_INFO_it, 745 }, 746 { 747 .flags = ASN1_TFLG_SET_OF, 748 .tag = 0, 749 .offset = offsetof(PKCS7_SIGN_ENVELOPE, md_algs), 750 .field_name = "md_algs", 751 .item = &X509_ALGOR_it, 752 }, 753 { 754 .flags = 0, 755 .tag = 0, 756 .offset = offsetof(PKCS7_SIGN_ENVELOPE, enc_data), 757 .field_name = "enc_data", 758 .item = &PKCS7_ENC_CONTENT_it, 759 }, 760 { 761 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 762 .tag = 0, 763 .offset = offsetof(PKCS7_SIGN_ENVELOPE, cert), 764 .field_name = "cert", 765 .item = &X509_it, 766 }, 767 { 768 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 769 .tag = 1, 770 .offset = offsetof(PKCS7_SIGN_ENVELOPE, crl), 771 .field_name = "crl", 772 .item = &X509_CRL_it, 773 }, 774 { 775 .flags = ASN1_TFLG_SET_OF, 776 .tag = 0, 777 .offset = offsetof(PKCS7_SIGN_ENVELOPE, signer_info), 778 .field_name = "signer_info", 779 .item = &PKCS7_SIGNER_INFO_it, 780 }, 781 }; 782 783 const ASN1_ITEM PKCS7_SIGN_ENVELOPE_it = { 784 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 785 .utype = V_ASN1_SEQUENCE, 786 .templates = PKCS7_SIGN_ENVELOPE_seq_tt, 787 .tcount = sizeof(PKCS7_SIGN_ENVELOPE_seq_tt) / sizeof(ASN1_TEMPLATE), 788 .funcs = NULL, 789 .size = sizeof(PKCS7_SIGN_ENVELOPE), 790 .sname = "PKCS7_SIGN_ENVELOPE", 791 }; 792 793 794 PKCS7_SIGN_ENVELOPE * 795 d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, const unsigned char **in, long len) 796 { 797 return (PKCS7_SIGN_ENVELOPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 798 &PKCS7_SIGN_ENVELOPE_it); 799 } 800 LCRYPTO_ALIAS(d2i_PKCS7_SIGN_ENVELOPE); 801 802 int 803 i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, unsigned char **out) 804 { 805 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_SIGN_ENVELOPE_it); 806 } 807 LCRYPTO_ALIAS(i2d_PKCS7_SIGN_ENVELOPE); 808 809 PKCS7_SIGN_ENVELOPE * 810 PKCS7_SIGN_ENVELOPE_new(void) 811 { 812 return (PKCS7_SIGN_ENVELOPE *)ASN1_item_new(&PKCS7_SIGN_ENVELOPE_it); 813 } 814 LCRYPTO_ALIAS(PKCS7_SIGN_ENVELOPE_new); 815 816 void 817 PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a) 818 { 819 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_SIGN_ENVELOPE_it); 820 } 821 LCRYPTO_ALIAS(PKCS7_SIGN_ENVELOPE_free); 822 823 static const ASN1_TEMPLATE PKCS7_ENCRYPT_seq_tt[] = { 824 { 825 .flags = 0, 826 .tag = 0, 827 .offset = offsetof(PKCS7_ENCRYPT, version), 828 .field_name = "version", 829 .item = &ASN1_INTEGER_it, 830 }, 831 { 832 .flags = 0, 833 .tag = 0, 834 .offset = offsetof(PKCS7_ENCRYPT, enc_data), 835 .field_name = "enc_data", 836 .item = &PKCS7_ENC_CONTENT_it, 837 }, 838 }; 839 840 const ASN1_ITEM PKCS7_ENCRYPT_it = { 841 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 842 .utype = V_ASN1_SEQUENCE, 843 .templates = PKCS7_ENCRYPT_seq_tt, 844 .tcount = sizeof(PKCS7_ENCRYPT_seq_tt) / sizeof(ASN1_TEMPLATE), 845 .funcs = NULL, 846 .size = sizeof(PKCS7_ENCRYPT), 847 .sname = "PKCS7_ENCRYPT", 848 }; 849 850 851 PKCS7_ENCRYPT * 852 d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, const unsigned char **in, long len) 853 { 854 return (PKCS7_ENCRYPT *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 855 &PKCS7_ENCRYPT_it); 856 } 857 LCRYPTO_ALIAS(d2i_PKCS7_ENCRYPT); 858 859 int 860 i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, unsigned char **out) 861 { 862 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_ENCRYPT_it); 863 } 864 LCRYPTO_ALIAS(i2d_PKCS7_ENCRYPT); 865 866 PKCS7_ENCRYPT * 867 PKCS7_ENCRYPT_new(void) 868 { 869 return (PKCS7_ENCRYPT *)ASN1_item_new(&PKCS7_ENCRYPT_it); 870 } 871 LCRYPTO_ALIAS(PKCS7_ENCRYPT_new); 872 873 void 874 PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a) 875 { 876 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_ENCRYPT_it); 877 } 878 LCRYPTO_ALIAS(PKCS7_ENCRYPT_free); 879 880 static const ASN1_TEMPLATE PKCS7_DIGEST_seq_tt[] = { 881 { 882 .flags = 0, 883 .tag = 0, 884 .offset = offsetof(PKCS7_DIGEST, version), 885 .field_name = "version", 886 .item = &ASN1_INTEGER_it, 887 }, 888 { 889 .flags = 0, 890 .tag = 0, 891 .offset = offsetof(PKCS7_DIGEST, md), 892 .field_name = "md", 893 .item = &X509_ALGOR_it, 894 }, 895 { 896 .flags = 0, 897 .tag = 0, 898 .offset = offsetof(PKCS7_DIGEST, contents), 899 .field_name = "contents", 900 .item = &PKCS7_it, 901 }, 902 { 903 .flags = 0, 904 .tag = 0, 905 .offset = offsetof(PKCS7_DIGEST, digest), 906 .field_name = "digest", 907 .item = &ASN1_OCTET_STRING_it, 908 }, 909 }; 910 911 const ASN1_ITEM PKCS7_DIGEST_it = { 912 .itype = ASN1_ITYPE_NDEF_SEQUENCE, 913 .utype = V_ASN1_SEQUENCE, 914 .templates = PKCS7_DIGEST_seq_tt, 915 .tcount = sizeof(PKCS7_DIGEST_seq_tt) / sizeof(ASN1_TEMPLATE), 916 .funcs = NULL, 917 .size = sizeof(PKCS7_DIGEST), 918 .sname = "PKCS7_DIGEST", 919 }; 920 921 922 PKCS7_DIGEST * 923 d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, const unsigned char **in, long len) 924 { 925 return (PKCS7_DIGEST *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 926 &PKCS7_DIGEST_it); 927 } 928 LCRYPTO_ALIAS(d2i_PKCS7_DIGEST); 929 930 int 931 i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, unsigned char **out) 932 { 933 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS7_DIGEST_it); 934 } 935 LCRYPTO_ALIAS(i2d_PKCS7_DIGEST); 936 937 PKCS7_DIGEST * 938 PKCS7_DIGEST_new(void) 939 { 940 return (PKCS7_DIGEST *)ASN1_item_new(&PKCS7_DIGEST_it); 941 } 942 LCRYPTO_ALIAS(PKCS7_DIGEST_new); 943 944 void 945 PKCS7_DIGEST_free(PKCS7_DIGEST *a) 946 { 947 ASN1_item_free((ASN1_VALUE *)a, &PKCS7_DIGEST_it); 948 } 949 LCRYPTO_ALIAS(PKCS7_DIGEST_free); 950 951 /* Specials for authenticated attributes */ 952 953 /* When signing attributes we want to reorder them to match the sorted 954 * encoding. 955 */ 956 957 static const ASN1_TEMPLATE PKCS7_ATTR_SIGN_item_tt = { 958 .flags = ASN1_TFLG_SET_ORDER, 959 .tag = 0, 960 .offset = 0, 961 .field_name = "PKCS7_ATTRIBUTES", 962 .item = &X509_ATTRIBUTE_it, 963 }; 964 965 const ASN1_ITEM PKCS7_ATTR_SIGN_it = { 966 .itype = ASN1_ITYPE_PRIMITIVE, 967 .utype = -1, 968 .templates = &PKCS7_ATTR_SIGN_item_tt, 969 .tcount = 0, 970 .funcs = NULL, 971 .size = 0, 972 .sname = "PKCS7_ATTR_SIGN", 973 }; 974 975 /* When verifying attributes we need to use the received order. So 976 * we use SEQUENCE OF and tag it to SET OF 977 */ 978 979 static const ASN1_TEMPLATE PKCS7_ATTR_VERIFY_item_tt = { 980 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, 981 .tag = V_ASN1_SET, 982 .offset = 0, 983 .field_name = "PKCS7_ATTRIBUTES", 984 .item = &X509_ATTRIBUTE_it, 985 }; 986 987 const ASN1_ITEM PKCS7_ATTR_VERIFY_it = { 988 .itype = ASN1_ITYPE_PRIMITIVE, 989 .utype = -1, 990 .templates = &PKCS7_ATTR_VERIFY_item_tt, 991 .tcount = 0, 992 .funcs = NULL, 993 .size = 0, 994 .sname = "PKCS7_ATTR_VERIFY", 995 }; 996 997 998 int 999 PKCS7_print_ctx(BIO *out, PKCS7 *x, int indent, const ASN1_PCTX *pctx) 1000 { 1001 return ASN1_item_print(out, (ASN1_VALUE *)x, indent, 1002 &PKCS7_it, pctx); 1003 } 1004 LCRYPTO_ALIAS(PKCS7_print_ctx); 1005 1006 PKCS7 * 1007 d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) 1008 { 1009 return ASN1_item_d2i_bio(&PKCS7_it, bp, p7); 1010 } 1011 LCRYPTO_ALIAS(d2i_PKCS7_bio); 1012 1013 int 1014 i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) 1015 { 1016 return ASN1_item_i2d_bio(&PKCS7_it, bp, p7); 1017 } 1018 LCRYPTO_ALIAS(i2d_PKCS7_bio); 1019 1020 PKCS7 * 1021 d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) 1022 { 1023 return ASN1_item_d2i_fp(&PKCS7_it, fp, p7); 1024 } 1025 LCRYPTO_ALIAS(d2i_PKCS7_fp); 1026 1027 int 1028 i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) 1029 { 1030 return ASN1_item_i2d_fp(&PKCS7_it, fp, p7); 1031 } 1032 LCRYPTO_ALIAS(i2d_PKCS7_fp); 1033 1034 int 1035 PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, 1036 const EVP_MD *type, unsigned char *md, unsigned int *len) 1037 { 1038 return(ASN1_item_digest(&PKCS7_ISSUER_AND_SERIAL_it, type, 1039 (char *)data, md, len)); 1040 } 1041 LCRYPTO_ALIAS(PKCS7_ISSUER_AND_SERIAL_digest); 1042