aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/cms
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/cms')
-rw-r--r--openssl/crypto/cms/Makefile85
-rw-r--r--openssl/crypto/cms/cms.h10
-rw-r--r--openssl/crypto/cms/cms_asn1.c42
-rw-r--r--openssl/crypto/cms/cms_env.c85
-rw-r--r--openssl/crypto/cms/cms_err.c4
-rw-r--r--openssl/crypto/cms/cms_ess.c6
-rw-r--r--openssl/crypto/cms/cms_io.c79
-rw-r--r--openssl/crypto/cms/cms_lcl.h1
-rw-r--r--openssl/crypto/cms/cms_lib.c32
-rw-r--r--openssl/crypto/cms/cms_sd.c126
-rw-r--r--openssl/crypto/cms/cms_smime.c22
11 files changed, 302 insertions, 190 deletions
diff --git a/openssl/crypto/cms/Makefile b/openssl/crypto/cms/Makefile
index 1c137e0cf..583704972 100644
--- a/openssl/crypto/cms/Makefile
+++ b/openssl/crypto/cms/Makefile
@@ -37,7 +37,7 @@ test:
all: lib
lib: $(LIBOBJ)
- $(ARX) $(LIB) $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -108,6 +108,71 @@ cms_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
cms_att.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_att.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
cms_att.o: cms.h cms_att.c cms_lcl.h
+cms_cd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_cd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_cd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_cd.o: ../../include/openssl/comp.h ../../include/openssl/conf.h
+cms_cd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_cd.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_cd.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_cd.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_cd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_cd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_cd.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_cd.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_cd.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_cd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_cd.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_cd.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_cd.c cms_lcl.h
+cms_dd.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_dd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_dd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_dd.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_dd.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_dd.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_dd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_dd.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_dd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_dd.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_dd.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_dd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
+cms_dd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_dd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_dd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_dd.o: ../cryptlib.h cms_dd.c cms_lcl.h
+cms_enc.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_enc.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_enc.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_enc.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_enc.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_enc.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+cms_enc.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_enc.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_enc.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_enc.c cms_lcl.h
+cms_env.o: ../../e_os.h ../../include/openssl/aes.h
+cms_env.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_env.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_env.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
+cms_env.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_env.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_env.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_env.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_env.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_env.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+cms_env.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pem.h
+cms_env.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+cms_env.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+cms_env.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+cms_env.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+cms_env.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+cms_env.o: ../asn1/asn1_locl.h ../cryptlib.h cms_env.c cms_lcl.h
cms_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
cms_err.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
cms_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -121,6 +186,22 @@ cms_err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
cms_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
cms_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
cms_err.o: cms_err.c
+cms_ess.o: ../../e_os.h ../../include/openssl/asn1.h
+cms_ess.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+cms_ess.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+cms_ess.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+cms_ess.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+cms_ess.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+cms_ess.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+cms_ess.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+cms_ess.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+cms_ess.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_ess.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_ess.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+cms_ess.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_ess.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_ess.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_ess.o: ../../include/openssl/x509v3.h ../cryptlib.h cms_ess.c cms_lcl.h
cms_io.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
cms_io.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
cms_io.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -164,7 +245,7 @@ cms_sd.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
cms_sd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
cms_sd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
cms_sd.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-cms_sd.o: ../cryptlib.h cms_lcl.h cms_sd.c
+cms_sd.o: ../asn1/asn1_locl.h ../cryptlib.h cms_lcl.h cms_sd.c
cms_smime.o: ../../e_os.h ../../include/openssl/asn1.h
cms_smime.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
cms_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
diff --git a/openssl/crypto/cms/cms.h b/openssl/crypto/cms/cms.h
index 25f88745f..09c45d041 100644
--- a/openssl/crypto/cms/cms.h
+++ b/openssl/crypto/cms/cms.h
@@ -76,8 +76,9 @@ typedef struct CMS_Receipt_st CMS_Receipt;
DECLARE_STACK_OF(CMS_SignerInfo)
DECLARE_STACK_OF(GENERAL_NAMES)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ContentInfo)
-DECLARE_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
#define CMS_SIGNERINFO_ISSUER_SERIAL 0
#define CMS_SIGNERINFO_KEYIDENTIFIER 1
@@ -124,9 +125,13 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached);
DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
#endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
@@ -230,6 +235,7 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
int CMS_SignedData_init(CMS_ContentInfo *cms);
diff --git a/openssl/crypto/cms/cms_asn1.c b/openssl/crypto/cms/cms_asn1.c
index 766492186..7f7132c3b 100644
--- a/openssl/crypto/cms/cms_asn1.c
+++ b/openssl/crypto/cms/cms_asn1.c
@@ -87,7 +87,8 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
} ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
/* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ void *exarg)
{
if(operation == ASN1_OP_FREE_POST)
{
@@ -213,7 +214,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
} ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
/* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ void *exarg)
{
if(operation == ASN1_OP_FREE_PRE)
{
@@ -300,10 +302,42 @@ ASN1_ADB(CMS_ContentInfo) = {
ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
-ASN1_NDEF_SEQUENCE(CMS_ContentInfo) = {
+/* CMS streaming support */
+static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ void *exarg)
+ {
+ ASN1_STREAM_ARG *sarg = exarg;
+ CMS_ContentInfo *cms = NULL;
+ if (pval)
+ cms = (CMS_ContentInfo *)*pval;
+ else
+ return 1;
+ switch(operation)
+ {
+
+ case ASN1_OP_STREAM_PRE:
+ if (CMS_stream(&sarg->boundary, cms) <= 0)
+ return 0;
+ case ASN1_OP_DETACHED_PRE:
+ sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
+ if (!sarg->ndef_bio)
+ return 0;
+ break;
+
+ case ASN1_OP_STREAM_POST:
+ case ASN1_OP_DETACHED_POST:
+ if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
+ return 0;
+ break;
+
+ }
+ return 1;
+ }
+
+ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
ASN1_ADB_OBJECT(CMS_ContentInfo)
-} ASN1_NDEF_SEQUENCE_END(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
/* Specials for signed attributes */
diff --git a/openssl/crypto/cms/cms_env.c b/openssl/crypto/cms/cms_env.c
index d499ae85b..b3237d4b9 100644
--- a/openssl/crypto/cms/cms_env.c
+++ b/openssl/crypto/cms/cms_env.c
@@ -60,6 +60,7 @@
#include <openssl/rand.h>
#include <openssl/aes.h>
#include "cms_lcl.h"
+#include "asn1_locl.h"
/* CMS EnvelopedData Utilities */
@@ -151,7 +152,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
CMS_KeyTransRecipientInfo *ktri;
CMS_EnvelopedData *env;
EVP_PKEY *pk = NULL;
- int type;
+ int i, type;
env = cms_get0_enveloped(cms);
if (!env)
goto err;
@@ -200,21 +201,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
goto err;
- /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
- * hard code algorithm parameters.
- */
-
- if (pk->type == EVP_PKEY_RSA)
- {
- X509_ALGOR_set0(ktri->keyEncryptionAlgorithm,
- OBJ_nid2obj(NID_rsaEncryption),
- V_ASN1_NULL, 0);
- }
- else
+ if (pk->ameth && pk->ameth->pkey_ctrl)
{
- CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+ i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
+ 0, ri);
+ if (i == -2)
+ {
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- goto err;
+ goto err;
+ }
+ if (i <= 0)
+ {
+ CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+ CMS_R_CTRL_FAILURE);
+ goto err;
+ }
}
if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
@@ -301,8 +303,9 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
{
CMS_KeyTransRecipientInfo *ktri;
CMS_EncryptedContentInfo *ec;
+ EVP_PKEY_CTX *pctx = NULL;
unsigned char *ek = NULL;
- int eklen;
+ size_t eklen;
int ret = 0;
@@ -315,7 +318,22 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
ktri = ri->d.ktri;
ec = cms->d.envelopedData->encryptedContentInfo;
- eklen = EVP_PKEY_size(ktri->pkey);
+ pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+ if (!pctx)
+ return 0;
+
+ if (EVP_PKEY_encrypt_init(pctx) <= 0)
+ goto err;
+
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+ EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
+ goto err;
+ }
+
+ if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+ goto err;
ek = OPENSSL_malloc(eklen);
@@ -326,9 +344,7 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
goto err;
}
- eklen = EVP_PKEY_encrypt(ek, ec->key, ec->keylen, ktri->pkey);
-
- if (eklen <= 0)
+ if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
goto err;
ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
@@ -337,6 +353,8 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
ret = 1;
err:
+ if (pctx)
+ EVP_PKEY_CTX_free(pctx);
if (ek)
OPENSSL_free(ek);
return ret;
@@ -349,8 +367,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
CMS_RecipientInfo *ri)
{
CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+ EVP_PKEY_CTX *pctx = NULL;
unsigned char *ek = NULL;
- int eklen;
+ size_t eklen;
int ret = 0;
if (ktri->pkey == NULL)
@@ -360,7 +379,24 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
return 0;
}
- eklen = EVP_PKEY_size(ktri->pkey);
+ pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+ if (!pctx)
+ return 0;
+
+ if (EVP_PKEY_decrypt_init(pctx) <= 0)
+ goto err;
+
+ if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+ EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
+ {
+ CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
+ goto err;
+ }
+
+ if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+ ktri->encryptedKey->data,
+ ktri->encryptedKey->length) <= 0)
+ goto err;
ek = OPENSSL_malloc(eklen);
@@ -371,10 +407,9 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
goto err;
}
- eklen = EVP_PKEY_decrypt(ek,
+ if (EVP_PKEY_decrypt(pctx, ek, &eklen,
ktri->encryptedKey->data,
- ktri->encryptedKey->length, ktri->pkey);
- if (eklen <= 0)
+ ktri->encryptedKey->length) <= 0)
{
CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
goto err;
@@ -386,6 +421,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
err:
+ if (pctx)
+ EVP_PKEY_CTX_free(pctx);
if (!ret && ek)
OPENSSL_free(ek);
diff --git a/openssl/crypto/cms/cms_err.c b/openssl/crypto/cms/cms_err.c
index 52fa53954..ff7b0309e 100644
--- a/openssl/crypto/cms/cms_err.c
+++ b/openssl/crypto/cms/cms_err.c
@@ -1,6 +1,6 @@
/* crypto/cms/cms_err.c */
/* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -133,7 +133,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT), "CMS_SIGNERINFO_VERIFY_CERT"},
{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT), "CMS_SignerInfo_verify_content"},
{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT), "CMS_sign_receipt"},
-{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_STREAM"},
+{ERR_FUNC(CMS_F_CMS_STREAM), "CMS_stream"},
{ERR_FUNC(CMS_F_CMS_UNCOMPRESS), "CMS_uncompress"},
{ERR_FUNC(CMS_F_CMS_VERIFY), "CMS_verify"},
{0,NULL}
diff --git a/openssl/crypto/cms/cms_ess.c b/openssl/crypto/cms/cms_ess.c
index ed34ff322..90c0b82fb 100644
--- a/openssl/crypto/cms/cms_ess.c
+++ b/openssl/crypto/cms/cms_ess.c
@@ -63,7 +63,7 @@
DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
DECLARE_ASN1_ITEM(CMS_Receipt)
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ReceiptRequest)
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
/* ESS services: for now just Signed Receipt related */
@@ -344,7 +344,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
/* Get original receipt request details */
- if (!CMS_get1_ReceiptRequest(osi, &rr))
+ if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
{
CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
goto err;
@@ -385,7 +385,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
/* Get original receipt request details */
- if (!CMS_get1_ReceiptRequest(si, &rr))
+ if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
{
CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
goto err;
diff --git a/openssl/crypto/cms/cms_io.c b/openssl/crypto/cms/cms_io.c
index 30f5ddfe6..1cb0264cc 100644
--- a/openssl/crypto/cms/cms_io.c
+++ b/openssl/crypto/cms/cms_io.c
@@ -58,6 +58,25 @@
#include "cms.h"
#include "cms_lcl.h"
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+ {
+ ASN1_OCTET_STRING **pos;
+ pos = CMS_get0_content(cms);
+ if (!pos)
+ return 0;
+ if (!*pos)
+ *pos = ASN1_OCTET_STRING_new();
+ if (*pos)
+ {
+ (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+ (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+ *boundary = &(*pos)->data;
+ return 1;
+ }
+ CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
{
return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
@@ -70,52 +89,26 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
-/* Callback for int_smime_write_ASN1 */
-
-static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
- const ASN1_ITEM *it)
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
{
- CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
- BIO *tmpbio, *cmsbio;
- int r = 0;
-
- if (!(flags & SMIME_DETACHED))
- {
- SMIME_crlf_copy(data, out, flags);
- return 1;
- }
-
- /* Let CMS code prepend any needed BIOs */
-
- cmsbio = CMS_dataInit(cms, out);
-
- if (!cmsbio)
- return 0;
-
- /* Copy data across, passing through filter BIOs for processing */
- SMIME_crlf_copy(data, cmsbio, flags);
-
- /* Finalize structure */
- if (CMS_dataFinal(cms, cmsbio) <= 0)
- goto err;
-
- r = 1;
-
- err:
-
- /* Now remove any digests prepended to the BIO */
-
- while (cmsbio != out)
- {
- tmpbio = BIO_pop(cmsbio);
- BIO_free(cmsbio);
- cmsbio = tmpbio;
- }
+ return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
+ ASN1_ITEM_rptr(CMS_ContentInfo));
+ }
- return 1;
+/* CMS wrappers round generalised stream and MIME routines */
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+ {
+ return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+ ASN1_ITEM_rptr(CMS_ContentInfo));
}
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+ {
+ return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
+ "CMS",
+ ASN1_ITEM_rptr(CMS_ContentInfo));
+ }
int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
{
@@ -127,9 +120,8 @@ int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
else
mdalgs = NULL;
- return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+ return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
ctype_nid, econt_nid, mdalgs,
- cms_output_data,
ASN1_ITEM_rptr(CMS_ContentInfo));
}
@@ -138,3 +130,4 @@ CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
ASN1_ITEM_rptr(CMS_ContentInfo));
}
+
diff --git a/openssl/crypto/cms/cms_lcl.h b/openssl/crypto/cms/cms_lcl.h
index 7d60fac67..c8ecfa724 100644
--- a/openssl/crypto/cms/cms_lcl.h
+++ b/openssl/crypto/cms/cms_lcl.h
@@ -406,6 +406,7 @@ struct CMS_Receipt_st
ASN1_OCTET_STRING *originatorSignatureValue;
};
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
DECLARE_ASN1_ITEM(CMS_SignerInfo)
DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
diff --git a/openssl/crypto/cms/cms_lib.c b/openssl/crypto/cms/cms_lib.c
index 8e6c1d29a..d00fe0f87 100644
--- a/openssl/crypto/cms/cms_lib.c
+++ b/openssl/crypto/cms/cms_lib.c
@@ -60,7 +60,8 @@
#include "cms.h"
#include "cms_lcl.h"
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
DECLARE_ASN1_ITEM(CMS_CertificateChoices)
DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
@@ -346,20 +347,10 @@ void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
{
int param_type;
- switch (EVP_MD_type(md))
- {
- case NID_sha1:
- case NID_sha224:
- case NID_sha256:
- case NID_sha384:
- case NID_sha512:
+ if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
param_type = V_ASN1_UNDEF;
- break;
-
- default:
+ else
param_type = V_ASN1_NULL;
- break;
- }
X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
@@ -415,7 +406,11 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
return 0;
}
BIO_get_md_ctx(chain, &mtmp);
- if (EVP_MD_CTX_type(mtmp) == nid)
+ if (EVP_MD_CTX_type(mtmp) == nid
+ /* Workaround for broken implementations that use signature
+ * algorithm OID instead of digest.
+ */
+ || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
{
EVP_MD_CTX_copy_ex(mctx, mtmp);
return 1;
@@ -557,6 +552,15 @@ int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
return 1;
}
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+ {
+ int r;
+ r = CMS_add0_crl(cms, crl);
+ if (r > 0)
+ CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+ return r;
+ }
+
STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
{
STACK_OF(X509) *certs = NULL;
diff --git a/openssl/crypto/cms/cms_sd.c b/openssl/crypto/cms/cms_sd.c
index cdac3b870..e3192b9c5 100644
--- a/openssl/crypto/cms/cms_sd.c
+++ b/openssl/crypto/cms/cms_sd.c
@@ -58,6 +58,7 @@
#include <openssl/err.h>
#include <openssl/cms.h>
#include "cms_lcl.h"
+#include "asn1_locl.h"
/* CMS SignedData Utilities */
@@ -218,10 +219,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
X509_get_issuer_name(cert)))
goto merr;
- ASN1_STRING_free(sid->d.issuerAndSerialNumber->serialNumber);
- sid->d.issuerAndSerialNumber->serialNumber =
- ASN1_STRING_dup(X509_get_serialNumber(cert));
- if(!sid->d.issuerAndSerialNumber->serialNumber)
+ if (!ASN1_STRING_copy(
+ sid->d.issuerAndSerialNumber->serialNumber,
+ X509_get_serialNumber(cert)))
goto merr;
break;
@@ -341,16 +341,22 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
if (!cms_set1_SignerIdentifier(si->sid, signer, type))
goto err;
- /* Since no EVP_PKEY_METHOD in 0.9.8 hard code SHA1 as default */
if (md == NULL)
- md = EVP_sha1();
-
- /* OpenSSL 0.9.8 only supports SHA1 with non-RSA keys */
+ {
+ int def_nid;
+ if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+ goto err;
+ md = EVP_get_digestbynid(def_nid);
+ if (md == NULL)
+ {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
+ goto err;
+ }
+ }
- if ((pk->type != EVP_PKEY_RSA) && (EVP_MD_type(md) != NID_sha1))
+ if (!md)
{
- CMSerr(CMS_F_CMS_ADD1_SIGNER,
- CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
goto err;
}
@@ -379,37 +385,21 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
}
}
- /* Since we have no EVP_PKEY_ASN1_METHOD in OpenSSL 0.9.8,
- * hard code algorithm parameters.
- */
-
- switch (pk->type)
+ if (pk->ameth && pk->ameth->pkey_ctrl)
{
-
- case EVP_PKEY_RSA:
- X509_ALGOR_set0(si->signatureAlgorithm,
- OBJ_nid2obj(NID_rsaEncryption),
- V_ASN1_NULL, 0);
- break;
-
- case EVP_PKEY_DSA:
- X509_ALGOR_set0(si->signatureAlgorithm,
- OBJ_nid2obj(NID_dsaWithSHA1),
- V_ASN1_UNDEF, 0);
- break;
-
-
- case EVP_PKEY_EC:
- X509_ALGOR_set0(si->signatureAlgorithm,
- OBJ_nid2obj(NID_ecdsa_with_SHA1),
- V_ASN1_UNDEF, 0);
- break;
-
- default:
- CMSerr(CMS_F_CMS_ADD1_SIGNER,
+ i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
+ 0, si);
+ if (i == -2)
+ {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER,
CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
- goto err;
-
+ goto err;
+ }
+ if (i <= 0)
+ {
+ CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
+ goto err;
+ }
}
if (!(flags & CMS_NOATTR))
@@ -626,25 +616,6 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
*psig = si->signatureAlgorithm;
}
-/* In OpenSSL 0.9.8 we have the link between digest types and public
- * key types so we need to fixup the digest type if the public key
- * type is not appropriate.
- */
-
-static void cms_fixup_mctx(EVP_MD_CTX *mctx, EVP_PKEY *pkey)
- {
- if (EVP_MD_CTX_type(mctx) != NID_sha1)
- return;
-#ifndef OPENSSL_NO_DSA
- if (pkey->type == EVP_PKEY_DSA)
- mctx->digest = EVP_dss1();
-#endif
-#ifndef OPENSSL_NO_ECDSA
- if (pkey->type == EVP_PKEY_EC)
- mctx->digest = EVP_ecdsa();
-#endif
- }
-
static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
CMS_SignerInfo *si, BIO *chain)
{
@@ -693,7 +664,6 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
ERR_R_MALLOC_FAILURE);
goto err;
}
- cms_fixup_mctx(&mctx, si->pkey);
if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
{
CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
@@ -731,9 +701,10 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
int CMS_SignerInfo_sign(CMS_SignerInfo *si)
{
EVP_MD_CTX mctx;
+ EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL;
int alen;
- unsigned int siglen;
+ size_t siglen;
const EVP_MD *md = NULL;
md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
@@ -748,40 +719,38 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
goto err;
}
- if (EVP_SignInit_ex(&mctx, md, NULL) <= 0)
+ if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
goto err;
-#if 0
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
{
CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
goto err;
}
-#endif
alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
ASN1_ITEM_rptr(CMS_Attributes_Sign));
if(!abuf)
goto err;
- if (EVP_SignUpdate(&mctx, abuf, alen) <= 0)
+ if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
+ goto err;
+ if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
goto err;
- siglen = EVP_PKEY_size(si->pkey);
OPENSSL_free(abuf);
abuf = OPENSSL_malloc(siglen);
if(!abuf)
goto err;
- cms_fixup_mctx(&mctx, si->pkey);
- if (EVP_SignFinal(&mctx, abuf, &siglen, si->pkey) <= 0)
+ if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
goto err;
-#if 0
+
if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
{
CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
goto err;
}
-#endif
+
EVP_MD_CTX_cleanup(&mctx);
ASN1_STRING_set0(si->signature, abuf, siglen);
@@ -799,6 +768,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
int CMS_SignerInfo_verify(CMS_SignerInfo *si)
{
EVP_MD_CTX mctx;
+ EVP_PKEY_CTX *pctx;
unsigned char *abuf = NULL;
int alen, r = -1;
const EVP_MD *md = NULL;
@@ -813,23 +783,22 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
if (md == NULL)
return -1;
EVP_MD_CTX_init(&mctx);
- if (EVP_VerifyInit_ex(&mctx, md, NULL) <= 0)
+ if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
goto err;
alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
ASN1_ITEM_rptr(CMS_Attributes_Verify));
if(!abuf)
goto err;
- r = EVP_VerifyUpdate(&mctx, abuf, alen);
+ r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
OPENSSL_free(abuf);
if (r <= 0)
{
r = -1;
goto err;
}
- cms_fixup_mctx(&mctx, si->pkey);
- r = EVP_VerifyFinal(&mctx,
- si->signature->data, si->signature->length, si->pkey);
+ r = EVP_DigestVerifyFinal(&mctx,
+ si->signature->data, si->signature->length);
if (r <= 0)
CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
err:
@@ -922,7 +891,6 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
}
else
{
- cms_fixup_mctx(&mctx, si->pkey);
r = EVP_VerifyFinal(&mctx, si->signature->data,
si->signature->length, si->pkey);
if (r <= 0)
@@ -991,17 +959,19 @@ static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
return CMS_add_simple_smimecap(sk, nid, arg);
return 1;
}
-#if 0
+
static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
{
if (EVP_get_digestbynid(nid))
return CMS_add_simple_smimecap(sk, nid, arg);
return 1;
}
-#endif
+
int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
{
if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+ || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+ || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
|| !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
|| !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
diff --git a/openssl/crypto/cms/cms_smime.c b/openssl/crypto/cms/cms_smime.c
index f35883aa2..4a799eb89 100644
--- a/openssl/crypto/cms/cms_smime.c
+++ b/openssl/crypto/cms/cms_smime.c
@@ -171,7 +171,7 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
if (!cms)
return NULL;
- if (CMS_final(cms, in, NULL, flags))
+ if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
return cms;
CMS_ContentInfo_free(cms);
@@ -214,10 +214,7 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
return NULL;
if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
CMS_set_detached(cms, 0);
- }
if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
return cms;
@@ -269,10 +266,7 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
return NULL;
if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
CMS_set_detached(cms, 0);
- }
if ((flags & (CMS_STREAM|CMS_PARTIAL))
|| CMS_final(cms, in, NULL, flags))
@@ -456,6 +450,7 @@ int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
X509_STORE *store, unsigned int flags)
{
int r;
+ flags &= ~(CMS_DETACHED|CMS_TEXT);
r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
if (r <= 0)
return r;
@@ -486,10 +481,7 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
}
if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
CMS_set_detached(cms, 0);
- }
if ((flags & (CMS_STREAM|CMS_PARTIAL))
|| CMS_final(cms, data, NULL, flags))
@@ -517,7 +509,7 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
BIO *rct_cont = NULL;
int r = 0;
- flags &= ~CMS_STREAM;
+ flags &= ~(CMS_STREAM|CMS_TEXT);
/* Not really detached but avoids content being allocated */
flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
if (!pkey || !signcert)
@@ -598,10 +590,7 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
}
if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
CMS_set_detached(cms, 0);
- }
if ((flags & (CMS_STREAM|CMS_PARTIAL))
|| CMS_final(cms, data, NULL, flags))
@@ -781,12 +770,9 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
return NULL;
if(!(flags & CMS_DETACHED))
- {
- flags &= ~CMS_STREAM;
CMS_set_detached(cms, 0);
- }
- if (CMS_final(cms, in, NULL, flags))
+ if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
return cms;
CMS_ContentInfo_free(cms);