pk7_doit.c 36 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/rand.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/x509.h>
  14. #include <openssl/x509v3.h>
  15. #include <openssl/err.h>
  16. static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
  17. void *value);
  18. static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
  19. static int PKCS7_type_is_other(PKCS7 *p7)
  20. {
  21. int isOther = 1;
  22. int nid = OBJ_obj2nid(p7->type);
  23. switch (nid) {
  24. case NID_pkcs7_data:
  25. case NID_pkcs7_signed:
  26. case NID_pkcs7_enveloped:
  27. case NID_pkcs7_signedAndEnveloped:
  28. case NID_pkcs7_digest:
  29. case NID_pkcs7_encrypted:
  30. isOther = 0;
  31. break;
  32. default:
  33. isOther = 1;
  34. }
  35. return isOther;
  36. }
  37. static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
  38. {
  39. if (PKCS7_type_is_data(p7))
  40. return p7->d.data;
  41. if (PKCS7_type_is_other(p7) && p7->d.other
  42. && (p7->d.other->type == V_ASN1_OCTET_STRING))
  43. return p7->d.other->value.octet_string;
  44. return NULL;
  45. }
  46. static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
  47. {
  48. BIO *btmp;
  49. const EVP_MD *md;
  50. if ((btmp = BIO_new(BIO_f_md())) == NULL) {
  51. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
  52. goto err;
  53. }
  54. md = EVP_get_digestbyobj(alg->algorithm);
  55. if (md == NULL) {
  56. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
  57. goto err;
  58. }
  59. BIO_set_md(btmp, md);
  60. if (*pbio == NULL)
  61. *pbio = btmp;
  62. else if (!BIO_push(*pbio, btmp)) {
  63. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
  64. goto err;
  65. }
  66. btmp = NULL;
  67. return 1;
  68. err:
  69. BIO_free(btmp);
  70. return 0;
  71. }
  72. static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
  73. unsigned char *key, int keylen)
  74. {
  75. EVP_PKEY_CTX *pctx = NULL;
  76. EVP_PKEY *pkey = NULL;
  77. unsigned char *ek = NULL;
  78. int ret = 0;
  79. size_t eklen;
  80. pkey = X509_get0_pubkey(ri->cert);
  81. if (pkey == NULL)
  82. return 0;
  83. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  84. if (pctx == NULL)
  85. return 0;
  86. if (EVP_PKEY_encrypt_init(pctx) <= 0)
  87. goto err;
  88. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
  89. EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
  90. PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
  91. goto err;
  92. }
  93. if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
  94. goto err;
  95. ek = OPENSSL_malloc(eklen);
  96. if (ek == NULL) {
  97. PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
  98. goto err;
  99. }
  100. if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
  101. goto err;
  102. ASN1_STRING_set0(ri->enc_key, ek, eklen);
  103. ek = NULL;
  104. ret = 1;
  105. err:
  106. EVP_PKEY_CTX_free(pctx);
  107. OPENSSL_free(ek);
  108. return ret;
  109. }
  110. static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
  111. PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey,
  112. size_t fixlen)
  113. {
  114. EVP_PKEY_CTX *pctx = NULL;
  115. unsigned char *ek = NULL;
  116. size_t eklen;
  117. int ret = -1;
  118. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  119. if (pctx == NULL)
  120. return -1;
  121. if (EVP_PKEY_decrypt_init(pctx) <= 0)
  122. goto err;
  123. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
  124. EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
  125. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
  126. goto err;
  127. }
  128. if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
  129. ri->enc_key->data, ri->enc_key->length) <= 0)
  130. goto err;
  131. ek = OPENSSL_malloc(eklen);
  132. if (ek == NULL) {
  133. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
  134. goto err;
  135. }
  136. if (EVP_PKEY_decrypt(pctx, ek, &eklen,
  137. ri->enc_key->data, ri->enc_key->length) <= 0
  138. || eklen == 0
  139. || (fixlen != 0 && eklen != fixlen)) {
  140. ret = 0;
  141. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
  142. goto err;
  143. }
  144. ret = 1;
  145. OPENSSL_clear_free(*pek, *peklen);
  146. *pek = ek;
  147. *peklen = eklen;
  148. err:
  149. EVP_PKEY_CTX_free(pctx);
  150. if (!ret)
  151. OPENSSL_free(ek);
  152. return ret;
  153. }
  154. BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
  155. {
  156. int i;
  157. BIO *out = NULL, *btmp = NULL;
  158. X509_ALGOR *xa = NULL;
  159. const EVP_CIPHER *evp_cipher = NULL;
  160. STACK_OF(X509_ALGOR) *md_sk = NULL;
  161. STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
  162. X509_ALGOR *xalg = NULL;
  163. PKCS7_RECIP_INFO *ri = NULL;
  164. ASN1_OCTET_STRING *os = NULL;
  165. if (p7 == NULL) {
  166. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
  167. return NULL;
  168. }
  169. /*
  170. * The content field in the PKCS7 ContentInfo is optional, but that really
  171. * only applies to inner content (precisely, detached signatures).
  172. *
  173. * When reading content, missing outer content is therefore treated as an
  174. * error.
  175. *
  176. * When creating content, PKCS7_content_new() must be called before
  177. * calling this method, so a NULL p7->d is always an error.
  178. */
  179. if (p7->d.ptr == NULL) {
  180. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
  181. return NULL;
  182. }
  183. i = OBJ_obj2nid(p7->type);
  184. p7->state = PKCS7_S_HEADER;
  185. switch (i) {
  186. case NID_pkcs7_signed:
  187. md_sk = p7->d.sign->md_algs;
  188. os = PKCS7_get_octet_string(p7->d.sign->contents);
  189. break;
  190. case NID_pkcs7_signedAndEnveloped:
  191. rsk = p7->d.signed_and_enveloped->recipientinfo;
  192. md_sk = p7->d.signed_and_enveloped->md_algs;
  193. xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
  194. evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
  195. if (evp_cipher == NULL) {
  196. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
  197. goto err;
  198. }
  199. break;
  200. case NID_pkcs7_enveloped:
  201. rsk = p7->d.enveloped->recipientinfo;
  202. xalg = p7->d.enveloped->enc_data->algorithm;
  203. evp_cipher = p7->d.enveloped->enc_data->cipher;
  204. if (evp_cipher == NULL) {
  205. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
  206. goto err;
  207. }
  208. break;
  209. case NID_pkcs7_digest:
  210. xa = p7->d.digest->md;
  211. os = PKCS7_get_octet_string(p7->d.digest->contents);
  212. break;
  213. case NID_pkcs7_data:
  214. break;
  215. default:
  216. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  217. goto err;
  218. }
  219. for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
  220. if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
  221. goto err;
  222. if (xa && !PKCS7_bio_add_digest(&out, xa))
  223. goto err;
  224. if (evp_cipher != NULL) {
  225. unsigned char key[EVP_MAX_KEY_LENGTH];
  226. unsigned char iv[EVP_MAX_IV_LENGTH];
  227. int keylen, ivlen;
  228. EVP_CIPHER_CTX *ctx;
  229. if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
  230. PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
  231. goto err;
  232. }
  233. BIO_get_cipher_ctx(btmp, &ctx);
  234. keylen = EVP_CIPHER_key_length(evp_cipher);
  235. ivlen = EVP_CIPHER_iv_length(evp_cipher);
  236. xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
  237. if (ivlen > 0)
  238. if (RAND_bytes(iv, ivlen) <= 0)
  239. goto err;
  240. if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
  241. goto err;
  242. if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
  243. goto err;
  244. if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
  245. goto err;
  246. if (ivlen > 0) {
  247. if (xalg->parameter == NULL) {
  248. xalg->parameter = ASN1_TYPE_new();
  249. if (xalg->parameter == NULL)
  250. goto err;
  251. }
  252. if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
  253. goto err;
  254. }
  255. /* Lets do the pub key stuff :-) */
  256. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  257. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  258. if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
  259. goto err;
  260. }
  261. OPENSSL_cleanse(key, keylen);
  262. if (out == NULL)
  263. out = btmp;
  264. else
  265. BIO_push(out, btmp);
  266. btmp = NULL;
  267. }
  268. if (bio == NULL) {
  269. if (PKCS7_is_detached(p7)) {
  270. bio = BIO_new(BIO_s_null());
  271. } else if (os && os->length > 0) {
  272. bio = BIO_new_mem_buf(os->data, os->length);
  273. } else {
  274. bio = BIO_new(BIO_s_mem());
  275. if (bio == NULL)
  276. goto err;
  277. BIO_set_mem_eof_return(bio, 0);
  278. }
  279. if (bio == NULL)
  280. goto err;
  281. }
  282. if (out)
  283. BIO_push(out, bio);
  284. else
  285. out = bio;
  286. return out;
  287. err:
  288. BIO_free_all(out);
  289. BIO_free_all(btmp);
  290. return NULL;
  291. }
  292. static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
  293. {
  294. int ret;
  295. ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
  296. X509_get_issuer_name(pcert));
  297. if (ret)
  298. return ret;
  299. return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
  300. ri->issuer_and_serial->serial);
  301. }
  302. /* int */
  303. BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
  304. {
  305. int i, j;
  306. BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
  307. X509_ALGOR *xa;
  308. ASN1_OCTET_STRING *data_body = NULL;
  309. const EVP_MD *evp_md;
  310. const EVP_CIPHER *evp_cipher = NULL;
  311. EVP_CIPHER_CTX *evp_ctx = NULL;
  312. X509_ALGOR *enc_alg = NULL;
  313. STACK_OF(X509_ALGOR) *md_sk = NULL;
  314. STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
  315. PKCS7_RECIP_INFO *ri = NULL;
  316. unsigned char *ek = NULL, *tkey = NULL;
  317. int eklen = 0, tkeylen = 0;
  318. if (p7 == NULL) {
  319. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
  320. return NULL;
  321. }
  322. if (p7->d.ptr == NULL) {
  323. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
  324. return NULL;
  325. }
  326. i = OBJ_obj2nid(p7->type);
  327. p7->state = PKCS7_S_HEADER;
  328. switch (i) {
  329. case NID_pkcs7_signed:
  330. /*
  331. * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
  332. * field and optional content.
  333. * data_body is NULL if that structure has no (=detached) content
  334. * or if the contentType is wrong (i.e., not "data").
  335. */
  336. data_body = PKCS7_get_octet_string(p7->d.sign->contents);
  337. if (!PKCS7_is_detached(p7) && data_body == NULL) {
  338. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  339. PKCS7_R_INVALID_SIGNED_DATA_TYPE);
  340. goto err;
  341. }
  342. md_sk = p7->d.sign->md_algs;
  343. break;
  344. case NID_pkcs7_signedAndEnveloped:
  345. rsk = p7->d.signed_and_enveloped->recipientinfo;
  346. md_sk = p7->d.signed_and_enveloped->md_algs;
  347. /* data_body is NULL if the optional EncryptedContent is missing. */
  348. data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
  349. enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
  350. evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
  351. if (evp_cipher == NULL) {
  352. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  353. PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
  354. goto err;
  355. }
  356. break;
  357. case NID_pkcs7_enveloped:
  358. rsk = p7->d.enveloped->recipientinfo;
  359. enc_alg = p7->d.enveloped->enc_data->algorithm;
  360. /* data_body is NULL if the optional EncryptedContent is missing. */
  361. data_body = p7->d.enveloped->enc_data->enc_data;
  362. evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
  363. if (evp_cipher == NULL) {
  364. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  365. PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
  366. goto err;
  367. }
  368. break;
  369. default:
  370. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  371. goto err;
  372. }
  373. /* Detached content must be supplied via in_bio instead. */
  374. if (data_body == NULL && in_bio == NULL) {
  375. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
  376. goto err;
  377. }
  378. /* We will be checking the signature */
  379. if (md_sk != NULL) {
  380. for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
  381. xa = sk_X509_ALGOR_value(md_sk, i);
  382. if ((btmp = BIO_new(BIO_f_md())) == NULL) {
  383. PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
  384. goto err;
  385. }
  386. j = OBJ_obj2nid(xa->algorithm);
  387. evp_md = EVP_get_digestbynid(j);
  388. if (evp_md == NULL) {
  389. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  390. PKCS7_R_UNKNOWN_DIGEST_TYPE);
  391. goto err;
  392. }
  393. BIO_set_md(btmp, evp_md);
  394. if (out == NULL)
  395. out = btmp;
  396. else
  397. BIO_push(out, btmp);
  398. btmp = NULL;
  399. }
  400. }
  401. if (evp_cipher != NULL) {
  402. if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
  403. PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
  404. goto err;
  405. }
  406. /*
  407. * It was encrypted, we need to decrypt the secret key with the
  408. * private key
  409. */
  410. /*
  411. * Find the recipientInfo which matches the passed certificate (if
  412. * any)
  413. */
  414. if (pcert) {
  415. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  416. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  417. if (!pkcs7_cmp_ri(ri, pcert))
  418. break;
  419. ri = NULL;
  420. }
  421. if (ri == NULL) {
  422. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  423. PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
  424. goto err;
  425. }
  426. }
  427. /* If we haven't got a certificate try each ri in turn */
  428. if (pcert == NULL) {
  429. /*
  430. * Always attempt to decrypt all rinfo even after success as a
  431. * defence against MMA timing attacks.
  432. */
  433. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  434. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  435. if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey,
  436. EVP_CIPHER_key_length(evp_cipher)) < 0)
  437. goto err;
  438. ERR_clear_error();
  439. }
  440. } else {
  441. /* Only exit on fatal errors, not decrypt failure */
  442. if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0)
  443. goto err;
  444. ERR_clear_error();
  445. }
  446. evp_ctx = NULL;
  447. BIO_get_cipher_ctx(etmp, &evp_ctx);
  448. if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
  449. goto err;
  450. if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
  451. goto err;
  452. /* Generate random key as MMA defence */
  453. tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
  454. tkey = OPENSSL_malloc(tkeylen);
  455. if (tkey == NULL)
  456. goto err;
  457. if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
  458. goto err;
  459. if (ek == NULL) {
  460. ek = tkey;
  461. eklen = tkeylen;
  462. tkey = NULL;
  463. }
  464. if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
  465. /*
  466. * Some S/MIME clients don't use the same key and effective key
  467. * length. The key length is determined by the size of the
  468. * decrypted RSA key.
  469. */
  470. if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
  471. /* Use random key as MMA defence */
  472. OPENSSL_clear_free(ek, eklen);
  473. ek = tkey;
  474. eklen = tkeylen;
  475. tkey = NULL;
  476. }
  477. }
  478. /* Clear errors so we don't leak information useful in MMA */
  479. ERR_clear_error();
  480. if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
  481. goto err;
  482. OPENSSL_clear_free(ek, eklen);
  483. ek = NULL;
  484. OPENSSL_clear_free(tkey, tkeylen);
  485. tkey = NULL;
  486. if (out == NULL)
  487. out = etmp;
  488. else
  489. BIO_push(out, etmp);
  490. etmp = NULL;
  491. }
  492. if (in_bio != NULL) {
  493. bio = in_bio;
  494. } else {
  495. if (data_body->length > 0)
  496. bio = BIO_new_mem_buf(data_body->data, data_body->length);
  497. else {
  498. bio = BIO_new(BIO_s_mem());
  499. if (bio == NULL)
  500. goto err;
  501. BIO_set_mem_eof_return(bio, 0);
  502. }
  503. if (bio == NULL)
  504. goto err;
  505. }
  506. BIO_push(out, bio);
  507. bio = NULL;
  508. return out;
  509. err:
  510. OPENSSL_clear_free(ek, eklen);
  511. OPENSSL_clear_free(tkey, tkeylen);
  512. BIO_free_all(out);
  513. BIO_free_all(btmp);
  514. BIO_free_all(etmp);
  515. BIO_free_all(bio);
  516. return NULL;
  517. }
  518. static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
  519. {
  520. for (;;) {
  521. bio = BIO_find_type(bio, BIO_TYPE_MD);
  522. if (bio == NULL) {
  523. PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
  524. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  525. return NULL;
  526. }
  527. BIO_get_md_ctx(bio, pmd);
  528. if (*pmd == NULL) {
  529. PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
  530. return NULL;
  531. }
  532. if (EVP_MD_CTX_type(*pmd) == nid)
  533. return bio;
  534. bio = BIO_next(bio);
  535. }
  536. return NULL;
  537. }
  538. static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
  539. {
  540. unsigned char md_data[EVP_MAX_MD_SIZE];
  541. unsigned int md_len;
  542. /* Add signing time if not already present */
  543. if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
  544. if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
  545. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
  546. return 0;
  547. }
  548. }
  549. /* Add digest */
  550. if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
  551. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
  552. return 0;
  553. }
  554. if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
  555. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
  556. return 0;
  557. }
  558. /* Now sign the attributes */
  559. if (!PKCS7_SIGNER_INFO_sign(si))
  560. return 0;
  561. return 1;
  562. }
  563. int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
  564. {
  565. int ret = 0;
  566. int i, j;
  567. BIO *btmp;
  568. PKCS7_SIGNER_INFO *si;
  569. EVP_MD_CTX *mdc, *ctx_tmp;
  570. STACK_OF(X509_ATTRIBUTE) *sk;
  571. STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
  572. ASN1_OCTET_STRING *os = NULL;
  573. if (p7 == NULL) {
  574. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
  575. return 0;
  576. }
  577. if (p7->d.ptr == NULL) {
  578. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
  579. return 0;
  580. }
  581. ctx_tmp = EVP_MD_CTX_new();
  582. if (ctx_tmp == NULL) {
  583. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  584. return 0;
  585. }
  586. i = OBJ_obj2nid(p7->type);
  587. p7->state = PKCS7_S_HEADER;
  588. switch (i) {
  589. case NID_pkcs7_data:
  590. os = p7->d.data;
  591. break;
  592. case NID_pkcs7_signedAndEnveloped:
  593. /* XXXXXXXXXXXXXXXX */
  594. si_sk = p7->d.signed_and_enveloped->signer_info;
  595. os = p7->d.signed_and_enveloped->enc_data->enc_data;
  596. if (os == NULL) {
  597. os = ASN1_OCTET_STRING_new();
  598. if (os == NULL) {
  599. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  600. goto err;
  601. }
  602. p7->d.signed_and_enveloped->enc_data->enc_data = os;
  603. }
  604. break;
  605. case NID_pkcs7_enveloped:
  606. /* XXXXXXXXXXXXXXXX */
  607. os = p7->d.enveloped->enc_data->enc_data;
  608. if (os == NULL) {
  609. os = ASN1_OCTET_STRING_new();
  610. if (os == NULL) {
  611. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  612. goto err;
  613. }
  614. p7->d.enveloped->enc_data->enc_data = os;
  615. }
  616. break;
  617. case NID_pkcs7_signed:
  618. si_sk = p7->d.sign->signer_info;
  619. os = PKCS7_get_octet_string(p7->d.sign->contents);
  620. /* If detached data then the content is excluded */
  621. if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
  622. ASN1_OCTET_STRING_free(os);
  623. os = NULL;
  624. p7->d.sign->contents->d.data = NULL;
  625. }
  626. break;
  627. case NID_pkcs7_digest:
  628. os = PKCS7_get_octet_string(p7->d.digest->contents);
  629. /* If detached data then the content is excluded */
  630. if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
  631. ASN1_OCTET_STRING_free(os);
  632. os = NULL;
  633. p7->d.digest->contents->d.data = NULL;
  634. }
  635. break;
  636. default:
  637. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  638. goto err;
  639. }
  640. if (si_sk != NULL) {
  641. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
  642. si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
  643. if (si->pkey == NULL)
  644. continue;
  645. j = OBJ_obj2nid(si->digest_alg->algorithm);
  646. btmp = bio;
  647. btmp = PKCS7_find_digest(&mdc, btmp, j);
  648. if (btmp == NULL)
  649. goto err;
  650. /*
  651. * We now have the EVP_MD_CTX, lets do the signing.
  652. */
  653. if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
  654. goto err;
  655. sk = si->auth_attr;
  656. /*
  657. * If there are attributes, we add the digest attribute and only
  658. * sign the attributes
  659. */
  660. if (sk_X509_ATTRIBUTE_num(sk) > 0) {
  661. if (!do_pkcs7_signed_attrib(si, ctx_tmp))
  662. goto err;
  663. } else {
  664. unsigned char *abuf = NULL;
  665. unsigned int abuflen;
  666. abuflen = EVP_PKEY_size(si->pkey);
  667. abuf = OPENSSL_malloc(abuflen);
  668. if (abuf == NULL)
  669. goto err;
  670. if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
  671. OPENSSL_free(abuf);
  672. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
  673. goto err;
  674. }
  675. ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
  676. }
  677. }
  678. } else if (i == NID_pkcs7_digest) {
  679. unsigned char md_data[EVP_MAX_MD_SIZE];
  680. unsigned int md_len;
  681. if (!PKCS7_find_digest(&mdc, bio,
  682. OBJ_obj2nid(p7->d.digest->md->algorithm)))
  683. goto err;
  684. if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
  685. goto err;
  686. if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
  687. goto err;
  688. }
  689. if (!PKCS7_is_detached(p7)) {
  690. /*
  691. * NOTE(emilia): I think we only reach os == NULL here because detached
  692. * digested data support is broken.
  693. */
  694. if (os == NULL)
  695. goto err;
  696. if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
  697. char *cont;
  698. long contlen;
  699. btmp = BIO_find_type(bio, BIO_TYPE_MEM);
  700. if (btmp == NULL) {
  701. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
  702. goto err;
  703. }
  704. contlen = BIO_get_mem_data(btmp, &cont);
  705. /*
  706. * Mark the BIO read only then we can use its copy of the data
  707. * instead of making an extra copy.
  708. */
  709. BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
  710. BIO_set_mem_eof_return(btmp, 0);
  711. ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
  712. }
  713. }
  714. ret = 1;
  715. err:
  716. EVP_MD_CTX_free(ctx_tmp);
  717. return ret;
  718. }
  719. int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
  720. {
  721. EVP_MD_CTX *mctx;
  722. EVP_PKEY_CTX *pctx = NULL;
  723. unsigned char *abuf = NULL;
  724. int alen;
  725. size_t siglen;
  726. const EVP_MD *md = NULL;
  727. md = EVP_get_digestbyobj(si->digest_alg->algorithm);
  728. if (md == NULL)
  729. return 0;
  730. mctx = EVP_MD_CTX_new();
  731. if (mctx == NULL) {
  732. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
  733. goto err;
  734. }
  735. if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
  736. goto err;
  737. /*
  738. * TODO(3.0): This causes problems when providers are in use, so disabled
  739. * for now. Can we get rid of this completely? AFAICT this ctrl has never
  740. * been used since it was first put in. All internal implementations just
  741. * return 1 and ignore this ctrl and have always done so by the looks of
  742. * things. To fix this we could convert this ctrl into a param, which would
  743. * require us to send all the signer info data as a set of params...but that
  744. * is non-trivial and since this isn't used by anything it may be better
  745. * just to remove it. The original commit that added it had this
  746. * justification in CHANGES:
  747. *
  748. * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the
  749. * EVP_PKEY_METHOD before and after signing via the
  750. * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure
  751. * before and/or after signing if necessary."
  752. */
  753. #if 0
  754. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
  755. EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
  756. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
  757. goto err;
  758. }
  759. #endif
  760. alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
  761. ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
  762. if (!abuf)
  763. goto err;
  764. if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
  765. goto err;
  766. OPENSSL_free(abuf);
  767. abuf = NULL;
  768. if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
  769. goto err;
  770. abuf = OPENSSL_malloc(siglen);
  771. if (abuf == NULL)
  772. goto err;
  773. if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
  774. goto err;
  775. /*
  776. * TODO(3.0): This causes problems when providers are in use, so disabled
  777. * for now. Can we get rid of this completely? AFAICT this ctrl has never
  778. * been used since it was first put in. All internal implementations just
  779. * return 1 and ignore this ctrl and have always done so by the looks of
  780. * things. To fix this we could convert this ctrl into a param, which would
  781. * require us to send all the signer info data as a set of params...but that
  782. * is non-trivial and since this isn't used by anything it may be better
  783. * just to remove it. The original commit that added it had this
  784. * justification in CHANGES:
  785. *
  786. * "During PKCS7 signing pass the PKCS7 SignerInfo structure to the
  787. * EVP_PKEY_METHOD before and after signing via the
  788. * EVP_PKEY_CTRL_PKCS7_SIGN ctrl. It can then customise the structure
  789. * before and/or after signing if necessary."
  790. */
  791. #if 0
  792. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
  793. EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
  794. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
  795. goto err;
  796. }
  797. #endif
  798. EVP_MD_CTX_free(mctx);
  799. ASN1_STRING_set0(si->enc_digest, abuf, siglen);
  800. return 1;
  801. err:
  802. OPENSSL_free(abuf);
  803. EVP_MD_CTX_free(mctx);
  804. return 0;
  805. }
  806. int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
  807. PKCS7 *p7, PKCS7_SIGNER_INFO *si)
  808. {
  809. PKCS7_ISSUER_AND_SERIAL *ias;
  810. int ret = 0, i;
  811. STACK_OF(X509) *cert;
  812. X509 *x509;
  813. if (p7 == NULL) {
  814. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
  815. return 0;
  816. }
  817. if (p7->d.ptr == NULL) {
  818. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
  819. return 0;
  820. }
  821. if (PKCS7_type_is_signed(p7)) {
  822. cert = p7->d.sign->cert;
  823. } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
  824. cert = p7->d.signed_and_enveloped->cert;
  825. } else {
  826. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
  827. goto err;
  828. }
  829. /* XXXXXXXXXXXXXXXXXXXXXXX */
  830. ias = si->issuer_and_serial;
  831. x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
  832. /* were we able to find the cert in passed to us */
  833. if (x509 == NULL) {
  834. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
  835. PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
  836. goto err;
  837. }
  838. /* Lets verify */
  839. if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
  840. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
  841. goto err;
  842. }
  843. X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
  844. i = X509_verify_cert(ctx);
  845. if (i <= 0) {
  846. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
  847. X509_STORE_CTX_cleanup(ctx);
  848. goto err;
  849. }
  850. X509_STORE_CTX_cleanup(ctx);
  851. return PKCS7_signatureVerify(bio, p7, si, x509);
  852. err:
  853. return ret;
  854. }
  855. int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
  856. X509 *x509)
  857. {
  858. ASN1_OCTET_STRING *os;
  859. EVP_MD_CTX *mdc_tmp, *mdc;
  860. int ret = 0, i;
  861. int md_type;
  862. STACK_OF(X509_ATTRIBUTE) *sk;
  863. BIO *btmp;
  864. EVP_PKEY *pkey;
  865. mdc_tmp = EVP_MD_CTX_new();
  866. if (mdc_tmp == NULL) {
  867. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
  868. goto err;
  869. }
  870. if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
  871. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
  872. goto err;
  873. }
  874. md_type = OBJ_obj2nid(si->digest_alg->algorithm);
  875. btmp = bio;
  876. for (;;) {
  877. if ((btmp == NULL) ||
  878. ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
  879. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
  880. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  881. goto err;
  882. }
  883. BIO_get_md_ctx(btmp, &mdc);
  884. if (mdc == NULL) {
  885. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
  886. goto err;
  887. }
  888. if (EVP_MD_CTX_type(mdc) == md_type)
  889. break;
  890. /*
  891. * Workaround for some broken clients that put the signature OID
  892. * instead of the digest OID in digest_alg->algorithm
  893. */
  894. if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
  895. break;
  896. btmp = BIO_next(btmp);
  897. }
  898. /*
  899. * mdc is the digest ctx that we want, unless there are attributes, in
  900. * which case the digest is the signed attributes
  901. */
  902. if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
  903. goto err;
  904. sk = si->auth_attr;
  905. if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
  906. unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
  907. unsigned int md_len;
  908. int alen;
  909. ASN1_OCTET_STRING *message_digest;
  910. if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
  911. goto err;
  912. message_digest = PKCS7_digest_from_attributes(sk);
  913. if (!message_digest) {
  914. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
  915. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  916. goto err;
  917. }
  918. if ((message_digest->length != (int)md_len) ||
  919. (memcmp(message_digest->data, md_dat, md_len))) {
  920. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
  921. ret = -1;
  922. goto err;
  923. }
  924. if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
  925. goto err;
  926. alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
  927. ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
  928. if (alen <= 0) {
  929. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
  930. ret = -1;
  931. goto err;
  932. }
  933. if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
  934. goto err;
  935. OPENSSL_free(abuf);
  936. }
  937. os = si->enc_digest;
  938. pkey = X509_get0_pubkey(x509);
  939. if (pkey == NULL) {
  940. ret = -1;
  941. goto err;
  942. }
  943. i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
  944. if (i <= 0) {
  945. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
  946. ret = -1;
  947. goto err;
  948. }
  949. ret = 1;
  950. err:
  951. EVP_MD_CTX_free(mdc_tmp);
  952. return ret;
  953. }
  954. PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
  955. {
  956. STACK_OF(PKCS7_RECIP_INFO) *rsk;
  957. PKCS7_RECIP_INFO *ri;
  958. int i;
  959. i = OBJ_obj2nid(p7->type);
  960. if (i != NID_pkcs7_signedAndEnveloped)
  961. return NULL;
  962. if (p7->d.signed_and_enveloped == NULL)
  963. return NULL;
  964. rsk = p7->d.signed_and_enveloped->recipientinfo;
  965. if (rsk == NULL)
  966. return NULL;
  967. if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
  968. return NULL;
  969. ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
  970. return ri->issuer_and_serial;
  971. }
  972. ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
  973. {
  974. return get_attribute(si->auth_attr, nid);
  975. }
  976. ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
  977. {
  978. return get_attribute(si->unauth_attr, nid);
  979. }
  980. static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
  981. {
  982. int idx;
  983. X509_ATTRIBUTE *xa;
  984. idx = X509at_get_attr_by_NID(sk, nid, -1);
  985. xa = X509at_get_attr(sk, idx);
  986. return X509_ATTRIBUTE_get0_type(xa, 0);
  987. }
  988. ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
  989. {
  990. ASN1_TYPE *astype;
  991. if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
  992. return NULL;
  993. return astype->value.octet_string;
  994. }
  995. int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
  996. STACK_OF(X509_ATTRIBUTE) *sk)
  997. {
  998. int i;
  999. sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
  1000. p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
  1001. if (p7si->auth_attr == NULL)
  1002. return 0;
  1003. for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
  1004. if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
  1005. X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
  1006. (sk, i))))
  1007. == NULL)
  1008. return 0;
  1009. }
  1010. return 1;
  1011. }
  1012. int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
  1013. STACK_OF(X509_ATTRIBUTE) *sk)
  1014. {
  1015. int i;
  1016. sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
  1017. p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
  1018. if (p7si->unauth_attr == NULL)
  1019. return 0;
  1020. for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
  1021. if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
  1022. X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
  1023. (sk, i))))
  1024. == NULL)
  1025. return 0;
  1026. }
  1027. return 1;
  1028. }
  1029. int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
  1030. void *value)
  1031. {
  1032. return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
  1033. }
  1034. int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
  1035. void *value)
  1036. {
  1037. return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
  1038. }
  1039. static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
  1040. void *value)
  1041. {
  1042. X509_ATTRIBUTE *attr = NULL;
  1043. if (*sk == NULL) {
  1044. if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
  1045. return 0;
  1046. new_attrib:
  1047. if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
  1048. return 0;
  1049. if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
  1050. X509_ATTRIBUTE_free(attr);
  1051. return 0;
  1052. }
  1053. } else {
  1054. int i;
  1055. for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
  1056. attr = sk_X509_ATTRIBUTE_value(*sk, i);
  1057. if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
  1058. X509_ATTRIBUTE_free(attr);
  1059. attr = X509_ATTRIBUTE_create(nid, atrtype, value);
  1060. if (attr == NULL)
  1061. return 0;
  1062. if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
  1063. X509_ATTRIBUTE_free(attr);
  1064. return 0;
  1065. }
  1066. goto end;
  1067. }
  1068. }
  1069. goto new_attrib;
  1070. }
  1071. end:
  1072. return 1;
  1073. }