From 2cec22ef8cfe2df5aeb74861bf6ad4c621be6d02 Mon Sep 17 00:00:00 2001
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
Date: Thu, 9 Apr 2020 01:30:23 +0300
Subject: [PATCH 60/87] cms: add support for setting KeyAgreement UKM

Creating GOST KeyAgreement CMS files requires setting UKM. Add API
function to set it.

Sponsored by ROSA Linux

Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
---
 src/lib/libcrypto/Symbols.list   |  1 +
 src/lib/libcrypto/cms/cms.h      |  1 +
 src/lib/libcrypto/cms/cms_kari.c | 17 +++++++++++++++++
 3 files changed, 19 insertions(+)

diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 3eda9f3bd..e5e7c435e 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -584,6 +584,7 @@ CMS_RecipientInfo_kari_get0_orig_id
 CMS_RecipientInfo_kari_get0_reks
 CMS_RecipientInfo_kari_orig_id_cmp
 CMS_RecipientInfo_kari_set0_pkey
+CMS_RecipientInfo_kari_set0_ukm
 CMS_RecipientInfo_kekri_get0_id
 CMS_RecipientInfo_kekri_id_cmp
 CMS_RecipientInfo_ktri_cert_cmp
diff --git a/src/lib/libcrypto/cms/cms.h b/src/lib/libcrypto/cms/cms.h
index 3c92be34f..fd2a5013a 100644
--- a/src/lib/libcrypto/cms/cms.h
+++ b/src/lib/libcrypto/cms/cms.h
@@ -324,6 +324,7 @@ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
 #endif
 int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
     ASN1_OCTET_STRING **pukm);
+int CMS_RecipientInfo_kari_set0_ukm(CMS_RecipientInfo *ri, const unsigned char *d, int len);
 STACK_OF(CMS_RecipientEncryptedKey) *
     CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
 
diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
index 21e3ce825..2c3b50290 100644
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -82,6 +82,23 @@ CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
 	return 1;
 }
 
+int
+CMS_RecipientInfo_kari_set0_ukm(CMS_RecipientInfo *ri, const unsigned char *d, int len)
+{
+	if (ri->type != CMS_RECIPINFO_AGREE) {
+		CMSerror(CMS_R_NOT_KEY_AGREEMENT);
+		return 0;
+	}
+	if (ri->d.kari->ukm == NULL)
+		ri->d.kari->ukm = ASN1_STRING_new();
+	if (ri->d.kari->ukm == NULL) {
+		CMSerror(ERR_R_MALLOC_FAILURE);
+		return 0;
+	}
+
+	return ASN1_OCTET_STRING_set(ri->d.kari->ukm, d, len);
+}
+
 /* Retrieve recipient encrypted keys from a kari */
 
 STACK_OF(CMS_RecipientEncryptedKey) *
-- 
2.17.1