crypto/libressl/crypto/cms/cms_lib.c

   1 /* $OpenBSD: cms_lib.c,v 1.14 2019/08/12 18:13:13 jsing Exp $ */
   2 /*
   3  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   4  * project.
   5  */
   6 /* ====================================================================
   7  * Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *    notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in
  18  *    the documentation and/or other materials provided with the
  19  *    distribution.
  20  *
  21  * 3. All advertising materials mentioning features or use of this
  22  *    software must display the following acknowledgment:
  23  *    "This product includes software developed by the OpenSSL Project
  24  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25  *
  26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27  *    endorse or promote products derived from this software without
  28  *    prior written permission. For written permission, please contact
  29  *    licensing@OpenSSL.org.
  30  *
  31  * 5. Products derived from this software may not be called "OpenSSL"
  32  *    nor may "OpenSSL" appear in their names without prior written
  33  *    permission of the OpenSSL Project.
  34  *
  35  * 6. Redistributions of any form whatsoever must retain the following
  36  *    acknowledgment:
  37  *    "This product includes software developed by the OpenSSL Project
  38  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51  * OF THE POSSIBILITY OF SUCH DAMAGE.
  52  * ====================================================================
  53  */
  54
  55 #include <openssl/asn1t.h>
  56 #include <openssl/x509v3.h>
  57 #include <openssl/err.h>
  58 #include <openssl/pem.h>
  59 #include <openssl/bio.h>
  60 #include <openssl/asn1.h>
  61 #include <openssl/cms.h>
  62 #include "cms_lcl.h"
  63
  64
  65 CMS_ContentInfo *
  66 d2i_CMS_ContentInfo(CMS_ContentInfo **a, const unsigned char **in, long len)
  67 {
  68         return (CMS_ContentInfo *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
  69             &CMS_ContentInfo_it);
  70 }
  71
  72 int
  73 i2d_CMS_ContentInfo(CMS_ContentInfo *a, unsigned char **out)
  74 {
  75         return ASN1_item_i2d((ASN1_VALUE *)a, out, &CMS_ContentInfo_it);
  76 }
  77
  78 CMS_ContentInfo *
  79 CMS_ContentInfo_new(void)
  80 {
  81         return (CMS_ContentInfo *)ASN1_item_new(&CMS_ContentInfo_it);
  82 }
  83
  84 void
  85 CMS_ContentInfo_free(CMS_ContentInfo *a)
  86 {
  87         ASN1_item_free((ASN1_VALUE *)a, &CMS_ContentInfo_it);
  88 }
  89
  90 int
  91 CMS_ContentInfo_print_ctx(BIO *out, CMS_ContentInfo *x, int indent, const ASN1_PCTX *pctx)
  92 {
  93         return ASN1_item_print(out, (ASN1_VALUE *)x, indent,
  94             &CMS_ContentInfo_it, pctx);
  95 }
  96
  97 const ASN1_OBJECT *
  98 CMS_get0_type(const CMS_ContentInfo *cms)
  99 {
 100         return cms->contentType;
 101 }
 102
 103 CMS_ContentInfo *
 104 cms_Data_create(void)
 105 {
 106         CMS_ContentInfo *cms;
 107
 108         cms = CMS_ContentInfo_new();
 109         if (cms != NULL) {
 110                 cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
 111                 /* Never detached */
 112                 CMS_set_detached(cms, 0);
 113         }
 114         return cms;
 115 }
 116
 117 BIO *
 118 cms_content_bio(CMS_ContentInfo *cms)
 119 {
 120         ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
 121
 122         if (!pos)
 123                 return NULL;
 124         /* If content detached data goes nowhere: create NULL BIO */
 125         if (!*pos)
 126                 return BIO_new(BIO_s_null());
 127         /*
 128          * If content not detached and created return memory BIO
 129          */
 130         if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
 131                 return BIO_new(BIO_s_mem());
 132
 133         /* Else content was read in: return read only BIO for it */
 134         return BIO_new_mem_buf((*pos)->data, (*pos)->length);
 135 }
 136
 137 BIO *
 138 CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 139 {
 140         BIO *cmsbio, *cont;
 141
 142         if (icont)
 143                 cont = icont;
 144         else
 145                 cont = cms_content_bio(cms);
 146         if (!cont) {
 147                 CMSerror(CMS_R_NO_CONTENT);
 148                 return NULL;
 149         }
 150         switch (OBJ_obj2nid(cms->contentType)) {
 151
 152         case NID_pkcs7_data:
 153                 return cont;
 154
 155         case NID_pkcs7_signed:
 156                 cmsbio = cms_SignedData_init_bio(cms);
 157                 break;
 158
 159         case NID_pkcs7_digest:
 160                 cmsbio = cms_DigestedData_init_bio(cms);
 161                 break;
 162 #ifdef ZLIB
 163         case NID_id_smime_ct_compressedData:
 164                 cmsbio = cms_CompressedData_init_bio(cms);
 165                 break;
 166 #endif
 167
 168         case NID_pkcs7_encrypted:
 169                 cmsbio = cms_EncryptedData_init_bio(cms);
 170                 break;
 171
 172         case NID_pkcs7_enveloped:
 173                 cmsbio = cms_EnvelopedData_init_bio(cms);
 174                 break;
 175
 176         default:
 177                 CMSerror(CMS_R_UNSUPPORTED_TYPE);
 178                 return NULL;
 179         }
 180
 181         if (cmsbio)
 182                 return BIO_push(cmsbio, cont);
 183
 184         if (!icont)
 185                 BIO_free(cont);
 186
 187         return NULL;
 188 }
 189
 190 int
 191 CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
 192 {
 193         ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
 194
 195         if (!pos)
 196                 return 0;
 197         /* If embedded content find memory BIO and set content */
 198         if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
 199                 BIO *mbio;
 200                 unsigned char *cont;
 201                 long contlen;
 202                 mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
 203                 if (!mbio) {
 204                         CMSerror(CMS_R_CONTENT_NOT_FOUND);
 205                         return 0;
 206                 }
 207                 contlen = BIO_get_mem_data(mbio, &cont);
 208                 /* Set bio as read only so its content can't be clobbered */
 209                 BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
 210                 BIO_set_mem_eof_return(mbio, 0);
 211                 ASN1_STRING_set0(*pos, cont, contlen);
 212                 (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
 213         }
 214
 215         switch (OBJ_obj2nid(cms->contentType)) {
 216
 217         case NID_pkcs7_data:
 218         case NID_pkcs7_enveloped:
 219         case NID_pkcs7_encrypted:
 220         case NID_id_smime_ct_compressedData:
 221                 /* Nothing to do */
 222                 return 1;
 223
 224         case NID_pkcs7_signed:
 225                 return cms_SignedData_final(cms, cmsbio);
 226
 227         case NID_pkcs7_digest:
 228                 return cms_DigestedData_do_final(cms, cmsbio, 0);
 229
 230         default:
 231                 CMSerror(CMS_R_UNSUPPORTED_TYPE);
 232                 return 0;
 233         }
 234 }
 235
 236 /*
 237  * Return an OCTET STRING pointer to content. This allows it to be accessed
 238  * or set later.
 239  */
 240
 241 ASN1_OCTET_STRING **
 242 CMS_get0_content(CMS_ContentInfo *cms)
 243 {
 244         switch (OBJ_obj2nid(cms->contentType)) {
 245         case NID_pkcs7_data:
 246                 return &cms->d.data;
 247
 248         case NID_pkcs7_signed:
 249                 return &cms->d.signedData->encapContentInfo->eContent;
 250
 251         case NID_pkcs7_enveloped:
 252                 return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
 253
 254         case NID_pkcs7_digest:
 255                 return &cms->d.digestedData->encapContentInfo->eContent;
 256
 257         case NID_pkcs7_encrypted:
 258                 return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
 259
 260         case NID_id_smime_ct_authData:
 261                 return &cms->d.authenticatedData->encapContentInfo->eContent;
 262
 263         case NID_id_smime_ct_compressedData:
 264                 return &cms->d.compressedData->encapContentInfo->eContent;
 265
 266         default:
 267                 if (cms->d.other->type == V_ASN1_OCTET_STRING)
 268                         return &cms->d.other->value.octet_string;
 269                 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
 270                 return NULL;
 271         }
 272 }
 273
 274 /*
 275  * Return an ASN1_OBJECT pointer to content type. This allows it to be
 276  * accessed or set later.
 277  */
 278
 279 static ASN1_OBJECT **
 280 cms_get0_econtent_type(CMS_ContentInfo *cms)
 281 {
 282         switch (OBJ_obj2nid(cms->contentType)) {
 283         case NID_pkcs7_signed:
 284                 return &cms->d.signedData->encapContentInfo->eContentType;
 285
 286         case NID_pkcs7_enveloped:
 287                 return &cms->d.envelopedData->encryptedContentInfo->contentType;
 288
 289         case NID_pkcs7_digest:
 290                 return &cms->d.digestedData->encapContentInfo->eContentType;
 291
 292         case NID_pkcs7_encrypted:
 293                 return &cms->d.encryptedData->encryptedContentInfo->contentType;
 294
 295         case NID_id_smime_ct_authData:
 296                 return &cms->d.authenticatedData->encapContentInfo->eContentType;
 297
 298         case NID_id_smime_ct_compressedData:
 299                 return &cms->d.compressedData->encapContentInfo->eContentType;
 300
 301         default:
 302                 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
 303                 return NULL;
 304         }
 305 }
 306
 307 const ASN1_OBJECT *
 308 CMS_get0_eContentType(CMS_ContentInfo *cms)
 309 {
 310         ASN1_OBJECT **petype;
 311
 312         petype = cms_get0_econtent_type(cms);
 313         if (petype)
 314                 return *petype;
 315
 316         return NULL;
 317 }
 318
 319 int
 320 CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
 321 {
 322         ASN1_OBJECT **petype, *etype;
 323
 324         petype = cms_get0_econtent_type(cms);
 325         if (!petype)
 326                 return 0;
 327         if (!oid)
 328                 return 1;
 329         etype = OBJ_dup(oid);
 330         if (!etype)
 331                 return 0;
 332         ASN1_OBJECT_free(*petype);
 333         *petype = etype;
 334
 335         return 1;
 336 }
 337
 338 int
 339 CMS_is_detached(CMS_ContentInfo *cms)
 340 {
 341         ASN1_OCTET_STRING **pos;
 342
 343         pos = CMS_get0_content(cms);
 344         if (!pos)
 345                 return -1;
 346         if (*pos)
 347                 return 0;
 348
 349         return 1;
 350 }
 351
 352 int
 353 CMS_set_detached(CMS_ContentInfo *cms, int detached)
 354 {
 355         ASN1_OCTET_STRING **pos;
 356
 357         pos = CMS_get0_content(cms);
 358         if (!pos)
 359                 return 0;
 360         if (detached) {
 361                 ASN1_OCTET_STRING_free(*pos);
 362                 *pos = NULL;
 363                 return 1;
 364         }
 365         if (*pos == NULL)
 366                 *pos = ASN1_OCTET_STRING_new();
 367         if (*pos != NULL) {
 368                 /*
 369                  * NB: special flag to show content is created and not read in.
 370                  */
 371                 (*pos)->flags |= ASN1_STRING_FLAG_CONT;
 372                 return 1;
 373         }
 374         CMSerror(ERR_R_MALLOC_FAILURE);
 375
 376         return 0;
 377 }
 378
 379 /* Create a digest BIO from an X509_ALGOR structure */
 380
 381 BIO *
 382 cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
 383 {
 384         BIO *mdbio = NULL;
 385         const ASN1_OBJECT *digestoid;
 386         const EVP_MD *digest;
 387
 388         X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
 389         digest = EVP_get_digestbyobj(digestoid);
 390         if (!digest) {
 391                 CMSerror(CMS_R_UNKNOWN_DIGEST_ALGORITHM);
 392                 goto err;
 393         }
 394         mdbio = BIO_new(BIO_f_md());
 395         if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
 396                 CMSerror(CMS_R_MD_BIO_INIT_ERROR);
 397                 goto err;
 398         }
 399         return mdbio;
 400
 401  err:
 402         BIO_free(mdbio);
 403
 404         return NULL;
 405 }
 406
 407 /* Locate a message digest content from a BIO chain based on SignerInfo */
 408
 409 int
 410 cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg)
 411 {
 412         int nid;
 413         const ASN1_OBJECT *mdoid;
 414
 415         X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
 416         nid = OBJ_obj2nid(mdoid);
 417         /* Look for digest type to match signature */
 418         for (;;) {
 419                 EVP_MD_CTX *mtmp;
 420                 chain = BIO_find_type(chain, BIO_TYPE_MD);
 421                 if (chain == NULL) {
 422                         CMSerror(CMS_R_NO_MATCHING_DIGEST);
 423                         return 0;
 424                 }
 425                 BIO_get_md_ctx(chain, &mtmp);
 426                 if (EVP_MD_CTX_type(mtmp) == nid
 427                         /*
 428                          * Workaround for broken implementations that use signature
 429                          * algorithm OID instead of digest.
 430                          */
 431                         || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
 432                         return EVP_MD_CTX_copy_ex(mctx, mtmp);
 433                 chain = BIO_next(chain);
 434         }
 435 }
 436
 437 static STACK_OF(CMS_CertificateChoices) **
 438 cms_get0_certificate_choices(CMS_ContentInfo *cms)
 439 {
 440         switch (OBJ_obj2nid(cms->contentType)) {
 441         case NID_pkcs7_signed:
 442                 return &cms->d.signedData->certificates;
 443
 444         case NID_pkcs7_enveloped:
 445                 if (cms->d.envelopedData->originatorInfo == NULL)
 446                         return NULL;
 447                 return &cms->d.envelopedData->originatorInfo->certificates;
 448
 449         default:
 450                 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
 451                 return NULL;
 452         }
 453 }
 454
 455 CMS_CertificateChoices *
 456 CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
 457 {
 458         STACK_OF(CMS_CertificateChoices) **pcerts;
 459         CMS_CertificateChoices *cch;
 460
 461         pcerts = cms_get0_certificate_choices(cms);
 462         if (!pcerts)
 463                 return NULL;
 464         if (!*pcerts)
 465                 *pcerts = sk_CMS_CertificateChoices_new_null();
 466         if (!*pcerts)
 467                 return NULL;
 468         cch = (CMS_CertificateChoices *)ASN1_item_new(&CMS_CertificateChoices_it);
 469         if (!cch)
 470                 return NULL;
 471         if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
 472                 ASN1_item_free((ASN1_VALUE *)cch, &CMS_CertificateChoices_it);
 473                 return NULL;
 474         }
 475
 476         return cch;
 477 }
 478
 479 int
 480 CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
 481 {
 482         CMS_CertificateChoices *cch;
 483         STACK_OF(CMS_CertificateChoices) **pcerts;
 484         int i;
 485
 486         pcerts = cms_get0_certificate_choices(cms);
 487         if (!pcerts)
 488                 return 0;
 489         for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
 490                 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
 491                 if (cch->type == CMS_CERTCHOICE_CERT) {
 492                         if (!X509_cmp(cch->d.certificate, cert)) {
 493                             CMSerror(CMS_R_CERTIFICATE_ALREADY_PRESENT);
 494                             return 0;
 495                         }
 496                 }
 497         }
 498         cch = CMS_add0_CertificateChoices(cms);
 499         if (!cch)
 500                 return 0;
 501         cch->type = CMS_CERTCHOICE_CERT;
 502         cch->d.certificate = cert;
 503
 504         return 1;
 505 }
 506
 507 int
 508 CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
 509 {
 510         int r;
 511
 512         r = CMS_add0_cert(cms, cert);
 513         if (r > 0)
 514                 X509_up_ref(cert);
 515
 516         return r;
 517 }
 518
 519 static STACK_OF(CMS_RevocationInfoChoice) **
 520 cms_get0_revocation_choices(CMS_ContentInfo *cms)
 521 {
 522         switch (OBJ_obj2nid(cms->contentType)) {
 523         case NID_pkcs7_signed:
 524                 return &cms->d.signedData->crls;
 525
 526         case NID_pkcs7_enveloped:
 527                 if (cms->d.envelopedData->originatorInfo == NULL)
 528                         return NULL;
 529                 return &cms->d.envelopedData->originatorInfo->crls;
 530
 531         default:
 532                 CMSerror(CMS_R_UNSUPPORTED_CONTENT_TYPE);
 533                 return NULL;
 534         }
 535 }
 536
 537 CMS_RevocationInfoChoice *
 538 CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
 539 {
 540         STACK_OF(CMS_RevocationInfoChoice) **pcrls;
 541         CMS_RevocationInfoChoice *rch;
 542
 543         pcrls = cms_get0_revocation_choices(cms);
 544         if (!pcrls)
 545                 return NULL;
 546         if (!*pcrls)
 547                 *pcrls = sk_CMS_RevocationInfoChoice_new_null();
 548         if (!*pcrls)
 549                 return NULL;
 550         rch = (CMS_RevocationInfoChoice *)ASN1_item_new(&CMS_RevocationInfoChoice_it);
 551         if (!rch)
 552                 return NULL;
 553         if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
 554                 ASN1_item_free((ASN1_VALUE *)rch, &CMS_RevocationInfoChoice_it);
 555                 return NULL;
 556         }
 557
 558         return rch;
 559 }
 560
 561 int
 562 CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
 563 {
 564         CMS_RevocationInfoChoice *rch;
 565
 566         rch = CMS_add0_RevocationInfoChoice(cms);
 567         if (!rch)
 568                 return 0;
 569         rch->type = CMS_REVCHOICE_CRL;
 570         rch->d.crl = crl;
 571
 572         return 1;
 573 }
 574
 575 int
 576 CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
 577 {
 578         int r;
 579
 580         r = CMS_add0_crl(cms, crl);
 581         if (r > 0)
 582                 X509_CRL_up_ref(crl);
 583
 584         return r;
 585 }
 586
 587 STACK_OF(X509) *
 588 CMS_get1_certs(CMS_ContentInfo *cms)
 589 {
 590         STACK_OF(X509) *certs = NULL;
 591         CMS_CertificateChoices *cch;
 592         STACK_OF(CMS_CertificateChoices) **pcerts;
 593         int i;
 594
 595         pcerts = cms_get0_certificate_choices(cms);
 596         if (!pcerts)
 597                 return NULL;
 598         for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
 599                 cch = sk_CMS_CertificateChoices_value(*pcerts, i);
 600                 if (cch->type == 0) {
 601                         if (!certs) {
 602                             certs = sk_X509_new_null();
 603                             if (!certs)
 604                                 return NULL;
 605                         }
 606                         if (!sk_X509_push(certs, cch->d.certificate)) {
 607                             sk_X509_pop_free(certs, X509_free);
 608                             return NULL;
 609                         }
 610                         X509_up_ref(cch->d.certificate);
 611                 }
 612         }
 613         return certs;
 614 }
 615
 616 STACK_OF(X509_CRL) *
 617 CMS_get1_crls(CMS_ContentInfo *cms)
 618 {
 619         STACK_OF(X509_CRL) *crls = NULL;
 620         STACK_OF(CMS_RevocationInfoChoice) **pcrls;
 621         CMS_RevocationInfoChoice *rch;
 622         int i;
 623
 624         pcrls = cms_get0_revocation_choices(cms);
 625         if (!pcrls)
 626                 return NULL;
 627         for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
 628                 rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
 629                 if (rch->type == 0) {
 630                         if (!crls) {
 631                             crls = sk_X509_CRL_new_null();
 632                             if (!crls)
 633                                 return NULL;
 634                         }
 635                         if (!sk_X509_CRL_push(crls, rch->d.crl)) {
 636                             sk_X509_CRL_pop_free(crls, X509_CRL_free);
 637                             return NULL;
 638                         }
 639                         X509_CRL_up_ref(rch->d.crl);
 640                 }
 641         }
 642         return crls;
 643 }
 644
 645 static const ASN1_OCTET_STRING *
 646 cms_X509_get0_subject_key_id(X509 *x)
 647 {
 648         /* Call for side-effect of computing hash and caching extensions */
 649         X509_check_purpose(x, -1, -1);
 650         return x->skid;
 651 }
 652
 653 int
 654 cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
 655 {
 656         int ret;
 657
 658         ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
 659         if (ret)
 660                 return ret;
 661
 662         return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
 663 }
 664
 665 int
 666 cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
 667 {
 668         const ASN1_OCTET_STRING *cert_keyid = cms_X509_get0_subject_key_id(cert);
 669
 670         if (cert_keyid == NULL)
 671                 return -1;
 672
 673         return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
 674 }
 675
 676 int
 677 cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
 678 {
 679         CMS_IssuerAndSerialNumber *ias;
 680
 681         ias = (CMS_IssuerAndSerialNumber *)ASN1_item_new(&CMS_IssuerAndSerialNumber_it);
 682         if (!ias)
 683                 goto err;
 684         if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
 685                 goto err;
 686         if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
 687                 goto err;
 688         ASN1_item_free((ASN1_VALUE *)*pias, &CMS_IssuerAndSerialNumber_it);
 689         *pias = ias;
 690
 691         return 1;
 692
 693  err:
 694         ASN1_item_free((ASN1_VALUE *)ias, &CMS_IssuerAndSerialNumber_it);
 695         CMSerror(ERR_R_MALLOC_FAILURE);
 696
 697         return 0;
 698 }
 699
 700 int
 701 cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
 702 {
 703         ASN1_OCTET_STRING *keyid = NULL;
 704         const ASN1_OCTET_STRING *cert_keyid;
 705
 706         cert_keyid = cms_X509_get0_subject_key_id(cert);
 707         if (cert_keyid == NULL) {
 708                 CMSerror(CMS_R_CERTIFICATE_HAS_NO_KEYID);
 709                 return 0;
 710         }
 711         keyid = ASN1_STRING_dup(cert_keyid);
 712         if (!keyid) {
 713                 CMSerror(ERR_R_MALLOC_FAILURE);
 714                 return 0;
 715         }
 716         ASN1_OCTET_STRING_free(*pkeyid);
 717         *pkeyid = keyid;
 718
 719         return 1;
 720 }