|  | // Copyright 2025 The BoringSSL Authors | 
|  | // | 
|  | // Licensed under the Apache License, Version 2.0 (the "License"); | 
|  | // you may not use this file except in compliance with the License. | 
|  | // You may obtain a copy of the License at | 
|  | // | 
|  | //     https://www.apache.org/licenses/LICENSE-2.0 | 
|  | // | 
|  | // Unless required by applicable law or agreed to in writing, software | 
|  | // distributed under the License is distributed on an "AS IS" BASIS, | 
|  | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | // See the License for the specific language governing permissions and | 
|  | // limitations under the License. | 
|  |  | 
|  | #ifndef OPENSSL_HEADER_CMS_H | 
|  | #define OPENSSL_HEADER_CMS_H | 
|  |  | 
|  | #include <openssl/base.h>   // IWYU pragma: export | 
|  |  | 
|  | #include <openssl/stack.h> | 
|  |  | 
|  | #if defined(__cplusplus) | 
|  | extern "C" { | 
|  | #endif | 
|  |  | 
|  |  | 
|  | // CMS. | 
|  | // | 
|  | // This library contains functions for implementing a small subset of OpenSSL's | 
|  | // API for CMS (RFC 5652). A general CMS implementation, notably one suitable | 
|  | // for S/MIME, is out of scope for BoringSSL. | 
|  | // | 
|  | // As this library is intentionally not a general CMS implementation, BoringSSL | 
|  | // continues to define |OPENSSL_NO_CMS|, so that most callers turn off their | 
|  | // general-purpose CMS code. In callers that are compatible with this subset, | 
|  | // the |BORINGSSL_NO_NO_CMS| build option can be used to suppress | 
|  | // |OPENSSL_NO_CMS|. | 
|  |  | 
|  | DECLARE_STACK_OF(X509) | 
|  |  | 
|  | // CMS_* are flags that can be passed to functions in this library. Their | 
|  | // interpretation is specified in the corresponding functions. | 
|  | #define CMS_NOCERTS 0x2 | 
|  | #define CMS_DETACHED 0x40 | 
|  | #define CMS_BINARY 0x80 | 
|  | #define CMS_NOATTR 0x100 | 
|  | #define CMS_NOSMIMECAP 0x200 | 
|  | #define CMS_STREAM 0x1000 | 
|  | #define CMS_PARTIAL 0x4000 | 
|  | #define CMS_USE_KEYID 0x10000 | 
|  | #define CMS_NO_SIGNING_TIME 0x400000 | 
|  |  | 
|  | // CMS_sign returns a newly-allocated |CMS_ContentInfo| structure for building a | 
|  | // SignedData (RFC 5652), or NULL on error. | 
|  | // | 
|  | // |certs| must be NULL or zero length. BoringSSL does not support embedding | 
|  | // certificates in SignedData. | 
|  | // | 
|  | // |flags| must contain |CMS_DETACHED|, which indicates an external signature. | 
|  | // BoringSSL only supports generating external signatures and does not support | 
|  | // embedding encapsulated content directly in a SignedData. | 
|  | // | 
|  | // If |pkey| is non-NULL, |CMS_add1_signer| is automatically called with | 
|  | // |signcert|, |pkey|, a default hash of SHA-256, and |flags|. |flags| will then | 
|  | // additionally be interpreted as in |CMS_add1_signer|. | 
|  | // | 
|  | // If |CMS_PARTIAL| or |CMS_STREAM| is set in |flags|, the object will be left | 
|  | // incomplete. |data| will then be ignored and should be NULL. The caller can | 
|  | // then continue configuring it and finalizing it with |CMS_final|. Otherwise, | 
|  | // the object will be finalized with |data| and |flags| passed to |CMS_final|. | 
|  | OPENSSL_EXPORT CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, | 
|  | STACK_OF(X509) *certs, BIO *data, | 
|  | uint32_t flags); | 
|  |  | 
|  | // CMS_ContentInfo_free releases memory associated with |cms|. | 
|  | OPENSSL_EXPORT void CMS_ContentInfo_free(CMS_ContentInfo *cms); | 
|  |  | 
|  | // CMS_add1_signer adds a signer to |cms|, which must be a SignedData created by | 
|  | // |CMS_sign|, with the |CMS_PARTIAL| flag set. The signer will use |signcert|, | 
|  | // |pkey|, and |md| for the signing certificate, private key, and digest | 
|  | // algorithm, respectively. It returns a non-NULL pointer to the signer on | 
|  | // success, and NULL on error. The signer is owned by |cms| and should not be | 
|  | // released by the caller. | 
|  | // | 
|  | // |flags| is interpreted as follows: | 
|  | // | 
|  | // - |CMS_PARTIAL| must not be set. BoringSSL does not support configuring a | 
|  | //   signer in multiple steps. | 
|  | // | 
|  | // - |CMS_NOCERTS| must be set. BoringSSL does not support embedding | 
|  | //   certificates in SignedData. | 
|  | // | 
|  | // - |CMS_NOATTR| must be set. BoringSSL does not support attributes in | 
|  | //   SignedData. | 
|  | // | 
|  | // - If |CMS_USE_KEYID| is set, SignerInfos will be identified by subject key | 
|  | //   identifier instead of issuer and serial number. |signcert| must then have | 
|  | //   the subject key identifier extension. | 
|  | // | 
|  | // BoringSSL currently only supports one signer per |CMS_ContentInfo|. | 
|  | // Subsequent calls will fail. Additionally, only RSA keys are currently | 
|  | // supported for |pkey|. | 
|  | OPENSSL_EXPORT CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, | 
|  | X509 *signcert, EVP_PKEY *pkey, | 
|  | const EVP_MD *md, | 
|  | uint32_t flags); | 
|  |  | 
|  | // CMS_final finalizes constructing |cms|, which must have been initialized with | 
|  | // the |CMS_PARTIAL| flag. |data| is read, until EOF, as the data to be | 
|  | // processed by CMS. It returns one on success and zero on error. | 
|  | // | 
|  | // |CMS_BINARY| must be set in |flags|. BoringSSL does not support translating | 
|  | // inputs according to S/MIME. | 
|  | // | 
|  | // |dcont| must be NULL. What a non-NULL |dcont| does is not clearly documented | 
|  | // by OpenSSL, and there are no tests to demonstrate its behavior. | 
|  | OPENSSL_EXPORT int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, | 
|  | uint32_t flags); | 
|  |  | 
|  | // i2d_CMS_bio encodes |cms| as a DER-encoded ContentInfo structure (RFC 5652). | 
|  | // It returns one on success and zero on failure. | 
|  | OPENSSL_EXPORT int i2d_CMS_bio(BIO *out, CMS_ContentInfo *cms); | 
|  |  | 
|  | // i2d_CMS_bio_stream calls |i2d_CMS_bio|. |in| must be NULL and |flags| must | 
|  | // not contain |CMS_STREAM|. BoringSSL does not support any streaming modes for | 
|  | // CMS. | 
|  | OPENSSL_EXPORT int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, | 
|  | int flags); | 
|  |  | 
|  |  | 
|  | #if defined(__cplusplus) | 
|  | }  // extern C | 
|  |  | 
|  | extern "C++" { | 
|  | BSSL_NAMESPACE_BEGIN | 
|  |  | 
|  | BORINGSSL_MAKE_DELETER(CMS_ContentInfo, CMS_ContentInfo_free) | 
|  |  | 
|  | BSSL_NAMESPACE_END | 
|  | }  // extern C++ | 
|  | #endif | 
|  |  | 
|  | #define CMS_R_CERTIFICATE_HAS_NO_KEYID 100 | 
|  | #define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 101 | 
|  |  | 
|  | #endif  // OPENSSL_HEADER_CMS_H |