pk7_doit.c 34 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180
  1. /*
  2. * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/rand.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/x509.h>
  14. #include <openssl/x509v3.h>
  15. #include <openssl/err.h>
  16. static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
  17. void *value);
  18. static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
  19. static int PKCS7_type_is_other(PKCS7 *p7)
  20. {
  21. int isOther = 1;
  22. int nid = OBJ_obj2nid(p7->type);
  23. switch (nid) {
  24. case NID_pkcs7_data:
  25. case NID_pkcs7_signed:
  26. case NID_pkcs7_enveloped:
  27. case NID_pkcs7_signedAndEnveloped:
  28. case NID_pkcs7_digest:
  29. case NID_pkcs7_encrypted:
  30. isOther = 0;
  31. break;
  32. default:
  33. isOther = 1;
  34. }
  35. return isOther;
  36. }
  37. static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
  38. {
  39. if (PKCS7_type_is_data(p7))
  40. return p7->d.data;
  41. if (PKCS7_type_is_other(p7) && p7->d.other
  42. && (p7->d.other->type == V_ASN1_OCTET_STRING))
  43. return p7->d.other->value.octet_string;
  44. return NULL;
  45. }
  46. static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
  47. {
  48. BIO *btmp;
  49. const EVP_MD *md;
  50. if ((btmp = BIO_new(BIO_f_md())) == NULL) {
  51. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
  52. goto err;
  53. }
  54. md = EVP_get_digestbyobj(alg->algorithm);
  55. if (md == NULL) {
  56. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
  57. goto err;
  58. }
  59. BIO_set_md(btmp, md);
  60. if (*pbio == NULL)
  61. *pbio = btmp;
  62. else if (!BIO_push(*pbio, btmp)) {
  63. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
  64. goto err;
  65. }
  66. btmp = NULL;
  67. return 1;
  68. err:
  69. BIO_free(btmp);
  70. return 0;
  71. }
  72. static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
  73. unsigned char *key, int keylen)
  74. {
  75. EVP_PKEY_CTX *pctx = NULL;
  76. EVP_PKEY *pkey = NULL;
  77. unsigned char *ek = NULL;
  78. int ret = 0;
  79. size_t eklen;
  80. pkey = X509_get0_pubkey(ri->cert);
  81. if (!pkey)
  82. return 0;
  83. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  84. if (!pctx)
  85. return 0;
  86. if (EVP_PKEY_encrypt_init(pctx) <= 0)
  87. goto err;
  88. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
  89. EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
  90. PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
  91. goto err;
  92. }
  93. if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
  94. goto err;
  95. ek = OPENSSL_malloc(eklen);
  96. if (ek == NULL) {
  97. PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
  98. goto err;
  99. }
  100. if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
  101. goto err;
  102. ASN1_STRING_set0(ri->enc_key, ek, eklen);
  103. ek = NULL;
  104. ret = 1;
  105. err:
  106. EVP_PKEY_CTX_free(pctx);
  107. OPENSSL_free(ek);
  108. return ret;
  109. }
  110. static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
  111. PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
  112. {
  113. EVP_PKEY_CTX *pctx = NULL;
  114. unsigned char *ek = NULL;
  115. size_t eklen;
  116. int ret = -1;
  117. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  118. if (!pctx)
  119. return -1;
  120. if (EVP_PKEY_decrypt_init(pctx) <= 0)
  121. goto err;
  122. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
  123. EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
  124. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
  125. goto err;
  126. }
  127. if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
  128. ri->enc_key->data, ri->enc_key->length) <= 0)
  129. goto err;
  130. ek = OPENSSL_malloc(eklen);
  131. if (ek == NULL) {
  132. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
  133. goto err;
  134. }
  135. if (EVP_PKEY_decrypt(pctx, ek, &eklen,
  136. ri->enc_key->data, ri->enc_key->length) <= 0) {
  137. ret = 0;
  138. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
  139. goto err;
  140. }
  141. ret = 1;
  142. OPENSSL_clear_free(*pek, *peklen);
  143. *pek = ek;
  144. *peklen = eklen;
  145. err:
  146. EVP_PKEY_CTX_free(pctx);
  147. if (!ret)
  148. OPENSSL_free(ek);
  149. return ret;
  150. }
  151. BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
  152. {
  153. int i;
  154. BIO *out = NULL, *btmp = NULL;
  155. X509_ALGOR *xa = NULL;
  156. const EVP_CIPHER *evp_cipher = NULL;
  157. STACK_OF(X509_ALGOR) *md_sk = NULL;
  158. STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
  159. X509_ALGOR *xalg = NULL;
  160. PKCS7_RECIP_INFO *ri = NULL;
  161. ASN1_OCTET_STRING *os = NULL;
  162. if (p7 == NULL) {
  163. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
  164. return NULL;
  165. }
  166. /*
  167. * The content field in the PKCS7 ContentInfo is optional, but that really
  168. * only applies to inner content (precisely, detached signatures).
  169. *
  170. * When reading content, missing outer content is therefore treated as an
  171. * error.
  172. *
  173. * When creating content, PKCS7_content_new() must be called before
  174. * calling this method, so a NULL p7->d is always an error.
  175. */
  176. if (p7->d.ptr == NULL) {
  177. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
  178. return NULL;
  179. }
  180. i = OBJ_obj2nid(p7->type);
  181. p7->state = PKCS7_S_HEADER;
  182. switch (i) {
  183. case NID_pkcs7_signed:
  184. md_sk = p7->d.sign->md_algs;
  185. os = PKCS7_get_octet_string(p7->d.sign->contents);
  186. break;
  187. case NID_pkcs7_signedAndEnveloped:
  188. rsk = p7->d.signed_and_enveloped->recipientinfo;
  189. md_sk = p7->d.signed_and_enveloped->md_algs;
  190. xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
  191. evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
  192. if (evp_cipher == NULL) {
  193. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
  194. goto err;
  195. }
  196. break;
  197. case NID_pkcs7_enveloped:
  198. rsk = p7->d.enveloped->recipientinfo;
  199. xalg = p7->d.enveloped->enc_data->algorithm;
  200. evp_cipher = p7->d.enveloped->enc_data->cipher;
  201. if (evp_cipher == NULL) {
  202. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
  203. goto err;
  204. }
  205. break;
  206. case NID_pkcs7_digest:
  207. xa = p7->d.digest->md;
  208. os = PKCS7_get_octet_string(p7->d.digest->contents);
  209. break;
  210. case NID_pkcs7_data:
  211. break;
  212. default:
  213. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  214. goto err;
  215. }
  216. for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
  217. if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
  218. goto err;
  219. if (xa && !PKCS7_bio_add_digest(&out, xa))
  220. goto err;
  221. if (evp_cipher != NULL) {
  222. unsigned char key[EVP_MAX_KEY_LENGTH];
  223. unsigned char iv[EVP_MAX_IV_LENGTH];
  224. int keylen, ivlen;
  225. EVP_CIPHER_CTX *ctx;
  226. if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
  227. PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
  228. goto err;
  229. }
  230. BIO_get_cipher_ctx(btmp, &ctx);
  231. keylen = EVP_CIPHER_key_length(evp_cipher);
  232. ivlen = EVP_CIPHER_iv_length(evp_cipher);
  233. xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
  234. if (ivlen > 0)
  235. if (RAND_bytes(iv, ivlen) <= 0)
  236. goto err;
  237. if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
  238. goto err;
  239. if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
  240. goto err;
  241. if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
  242. goto err;
  243. if (ivlen > 0) {
  244. if (xalg->parameter == NULL) {
  245. xalg->parameter = ASN1_TYPE_new();
  246. if (xalg->parameter == NULL)
  247. goto err;
  248. }
  249. if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
  250. goto err;
  251. }
  252. /* Lets do the pub key stuff :-) */
  253. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  254. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  255. if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
  256. goto err;
  257. }
  258. OPENSSL_cleanse(key, keylen);
  259. if (out == NULL)
  260. out = btmp;
  261. else
  262. BIO_push(out, btmp);
  263. btmp = NULL;
  264. }
  265. if (bio == NULL) {
  266. if (PKCS7_is_detached(p7)) {
  267. bio = BIO_new(BIO_s_null());
  268. } else if (os && os->length > 0) {
  269. bio = BIO_new_mem_buf(os->data, os->length);
  270. } else {
  271. bio = BIO_new(BIO_s_mem());
  272. if (bio == NULL)
  273. goto err;
  274. BIO_set_mem_eof_return(bio, 0);
  275. }
  276. if (bio == NULL)
  277. goto err;
  278. }
  279. if (out)
  280. BIO_push(out, bio);
  281. else
  282. out = bio;
  283. return out;
  284. err:
  285. BIO_free_all(out);
  286. BIO_free_all(btmp);
  287. return NULL;
  288. }
  289. static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
  290. {
  291. int ret;
  292. ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
  293. X509_get_issuer_name(pcert));
  294. if (ret)
  295. return ret;
  296. return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
  297. ri->issuer_and_serial->serial);
  298. }
  299. /* int */
  300. BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
  301. {
  302. int i, j;
  303. BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
  304. X509_ALGOR *xa;
  305. ASN1_OCTET_STRING *data_body = NULL;
  306. const EVP_MD *evp_md;
  307. const EVP_CIPHER *evp_cipher = NULL;
  308. EVP_CIPHER_CTX *evp_ctx = NULL;
  309. X509_ALGOR *enc_alg = NULL;
  310. STACK_OF(X509_ALGOR) *md_sk = NULL;
  311. STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
  312. PKCS7_RECIP_INFO *ri = NULL;
  313. unsigned char *ek = NULL, *tkey = NULL;
  314. int eklen = 0, tkeylen = 0;
  315. if (p7 == NULL) {
  316. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
  317. return NULL;
  318. }
  319. if (p7->d.ptr == NULL) {
  320. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
  321. return NULL;
  322. }
  323. i = OBJ_obj2nid(p7->type);
  324. p7->state = PKCS7_S_HEADER;
  325. switch (i) {
  326. case NID_pkcs7_signed:
  327. /*
  328. * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
  329. * field and optional content.
  330. * data_body is NULL if that structure has no (=detached) content
  331. * or if the contentType is wrong (i.e., not "data").
  332. */
  333. data_body = PKCS7_get_octet_string(p7->d.sign->contents);
  334. if (!PKCS7_is_detached(p7) && data_body == NULL) {
  335. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  336. PKCS7_R_INVALID_SIGNED_DATA_TYPE);
  337. goto err;
  338. }
  339. md_sk = p7->d.sign->md_algs;
  340. break;
  341. case NID_pkcs7_signedAndEnveloped:
  342. rsk = p7->d.signed_and_enveloped->recipientinfo;
  343. md_sk = p7->d.signed_and_enveloped->md_algs;
  344. /* data_body is NULL if the optional EncryptedContent is missing. */
  345. data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
  346. enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
  347. evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
  348. if (evp_cipher == NULL) {
  349. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  350. PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
  351. goto err;
  352. }
  353. break;
  354. case NID_pkcs7_enveloped:
  355. rsk = p7->d.enveloped->recipientinfo;
  356. enc_alg = p7->d.enveloped->enc_data->algorithm;
  357. /* data_body is NULL if the optional EncryptedContent is missing. */
  358. data_body = p7->d.enveloped->enc_data->enc_data;
  359. evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
  360. if (evp_cipher == NULL) {
  361. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  362. PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
  363. goto err;
  364. }
  365. break;
  366. default:
  367. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  368. goto err;
  369. }
  370. /* Detached content must be supplied via in_bio instead. */
  371. if (data_body == NULL && in_bio == NULL) {
  372. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
  373. goto err;
  374. }
  375. /* We will be checking the signature */
  376. if (md_sk != NULL) {
  377. for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
  378. xa = sk_X509_ALGOR_value(md_sk, i);
  379. if ((btmp = BIO_new(BIO_f_md())) == NULL) {
  380. PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
  381. goto err;
  382. }
  383. j = OBJ_obj2nid(xa->algorithm);
  384. evp_md = EVP_get_digestbynid(j);
  385. if (evp_md == NULL) {
  386. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  387. PKCS7_R_UNKNOWN_DIGEST_TYPE);
  388. goto err;
  389. }
  390. BIO_set_md(btmp, evp_md);
  391. if (out == NULL)
  392. out = btmp;
  393. else
  394. BIO_push(out, btmp);
  395. btmp = NULL;
  396. }
  397. }
  398. if (evp_cipher != NULL) {
  399. if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
  400. PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
  401. goto err;
  402. }
  403. /*
  404. * It was encrypted, we need to decrypt the secret key with the
  405. * private key
  406. */
  407. /*
  408. * Find the recipientInfo which matches the passed certificate (if
  409. * any)
  410. */
  411. if (pcert) {
  412. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  413. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  414. if (!pkcs7_cmp_ri(ri, pcert))
  415. break;
  416. ri = NULL;
  417. }
  418. if (ri == NULL) {
  419. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  420. PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
  421. goto err;
  422. }
  423. }
  424. /* If we haven't got a certificate try each ri in turn */
  425. if (pcert == NULL) {
  426. /*
  427. * Always attempt to decrypt all rinfo even after success as a
  428. * defence against MMA timing attacks.
  429. */
  430. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  431. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  432. if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
  433. goto err;
  434. ERR_clear_error();
  435. }
  436. } else {
  437. /* Only exit on fatal errors, not decrypt failure */
  438. if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
  439. goto err;
  440. ERR_clear_error();
  441. }
  442. evp_ctx = NULL;
  443. BIO_get_cipher_ctx(etmp, &evp_ctx);
  444. if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
  445. goto err;
  446. if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
  447. goto err;
  448. /* Generate random key as MMA defence */
  449. tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
  450. tkey = OPENSSL_malloc(tkeylen);
  451. if (tkey == NULL)
  452. goto err;
  453. if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
  454. goto err;
  455. if (ek == NULL) {
  456. ek = tkey;
  457. eklen = tkeylen;
  458. tkey = NULL;
  459. }
  460. if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
  461. /*
  462. * Some S/MIME clients don't use the same key and effective key
  463. * length. The key length is determined by the size of the
  464. * decrypted RSA key.
  465. */
  466. if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
  467. /* Use random key as MMA defence */
  468. OPENSSL_clear_free(ek, eklen);
  469. ek = tkey;
  470. eklen = tkeylen;
  471. tkey = NULL;
  472. }
  473. }
  474. /* Clear errors so we don't leak information useful in MMA */
  475. ERR_clear_error();
  476. if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
  477. goto err;
  478. OPENSSL_clear_free(ek, eklen);
  479. ek = NULL;
  480. OPENSSL_clear_free(tkey, tkeylen);
  481. tkey = NULL;
  482. if (out == NULL)
  483. out = etmp;
  484. else
  485. BIO_push(out, etmp);
  486. etmp = NULL;
  487. }
  488. if (in_bio != NULL) {
  489. bio = in_bio;
  490. } else {
  491. if (data_body->length > 0)
  492. bio = BIO_new_mem_buf(data_body->data, data_body->length);
  493. else {
  494. bio = BIO_new(BIO_s_mem());
  495. if (bio == NULL)
  496. goto err;
  497. BIO_set_mem_eof_return(bio, 0);
  498. }
  499. if (bio == NULL)
  500. goto err;
  501. }
  502. BIO_push(out, bio);
  503. bio = NULL;
  504. return out;
  505. err:
  506. OPENSSL_clear_free(ek, eklen);
  507. OPENSSL_clear_free(tkey, tkeylen);
  508. BIO_free_all(out);
  509. BIO_free_all(btmp);
  510. BIO_free_all(etmp);
  511. BIO_free_all(bio);
  512. return NULL;
  513. }
  514. static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
  515. {
  516. for (;;) {
  517. bio = BIO_find_type(bio, BIO_TYPE_MD);
  518. if (bio == NULL) {
  519. PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
  520. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  521. return NULL;
  522. }
  523. BIO_get_md_ctx(bio, pmd);
  524. if (*pmd == NULL) {
  525. PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
  526. return NULL;
  527. }
  528. if (EVP_MD_CTX_type(*pmd) == nid)
  529. return bio;
  530. bio = BIO_next(bio);
  531. }
  532. return NULL;
  533. }
  534. static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
  535. {
  536. unsigned char md_data[EVP_MAX_MD_SIZE];
  537. unsigned int md_len;
  538. /* Add signing time if not already present */
  539. if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
  540. if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
  541. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
  542. return 0;
  543. }
  544. }
  545. /* Add digest */
  546. if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
  547. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
  548. return 0;
  549. }
  550. if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
  551. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
  552. return 0;
  553. }
  554. /* Now sign the attributes */
  555. if (!PKCS7_SIGNER_INFO_sign(si))
  556. return 0;
  557. return 1;
  558. }
  559. int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
  560. {
  561. int ret = 0;
  562. int i, j;
  563. BIO *btmp;
  564. PKCS7_SIGNER_INFO *si;
  565. EVP_MD_CTX *mdc, *ctx_tmp;
  566. STACK_OF(X509_ATTRIBUTE) *sk;
  567. STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
  568. ASN1_OCTET_STRING *os = NULL;
  569. if (p7 == NULL) {
  570. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
  571. return 0;
  572. }
  573. if (p7->d.ptr == NULL) {
  574. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
  575. return 0;
  576. }
  577. ctx_tmp = EVP_MD_CTX_new();
  578. if (ctx_tmp == NULL) {
  579. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  580. return 0;
  581. }
  582. i = OBJ_obj2nid(p7->type);
  583. p7->state = PKCS7_S_HEADER;
  584. switch (i) {
  585. case NID_pkcs7_data:
  586. os = p7->d.data;
  587. break;
  588. case NID_pkcs7_signedAndEnveloped:
  589. /* XXXXXXXXXXXXXXXX */
  590. si_sk = p7->d.signed_and_enveloped->signer_info;
  591. os = p7->d.signed_and_enveloped->enc_data->enc_data;
  592. if (os == NULL) {
  593. os = ASN1_OCTET_STRING_new();
  594. if (os == NULL) {
  595. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  596. goto err;
  597. }
  598. p7->d.signed_and_enveloped->enc_data->enc_data = os;
  599. }
  600. break;
  601. case NID_pkcs7_enveloped:
  602. /* XXXXXXXXXXXXXXXX */
  603. os = p7->d.enveloped->enc_data->enc_data;
  604. if (os == NULL) {
  605. os = ASN1_OCTET_STRING_new();
  606. if (os == NULL) {
  607. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  608. goto err;
  609. }
  610. p7->d.enveloped->enc_data->enc_data = os;
  611. }
  612. break;
  613. case NID_pkcs7_signed:
  614. si_sk = p7->d.sign->signer_info;
  615. os = PKCS7_get_octet_string(p7->d.sign->contents);
  616. /* If detached data then the content is excluded */
  617. if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
  618. ASN1_OCTET_STRING_free(os);
  619. os = NULL;
  620. p7->d.sign->contents->d.data = NULL;
  621. }
  622. break;
  623. case NID_pkcs7_digest:
  624. os = PKCS7_get_octet_string(p7->d.digest->contents);
  625. /* If detached data then the content is excluded */
  626. if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
  627. ASN1_OCTET_STRING_free(os);
  628. os = NULL;
  629. p7->d.digest->contents->d.data = NULL;
  630. }
  631. break;
  632. default:
  633. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  634. goto err;
  635. }
  636. if (si_sk != NULL) {
  637. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
  638. si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
  639. if (si->pkey == NULL)
  640. continue;
  641. j = OBJ_obj2nid(si->digest_alg->algorithm);
  642. btmp = bio;
  643. btmp = PKCS7_find_digest(&mdc, btmp, j);
  644. if (btmp == NULL)
  645. goto err;
  646. /*
  647. * We now have the EVP_MD_CTX, lets do the signing.
  648. */
  649. if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
  650. goto err;
  651. sk = si->auth_attr;
  652. /*
  653. * If there are attributes, we add the digest attribute and only
  654. * sign the attributes
  655. */
  656. if (sk_X509_ATTRIBUTE_num(sk) > 0) {
  657. if (!do_pkcs7_signed_attrib(si, ctx_tmp))
  658. goto err;
  659. } else {
  660. unsigned char *abuf = NULL;
  661. unsigned int abuflen;
  662. abuflen = EVP_PKEY_size(si->pkey);
  663. abuf = OPENSSL_malloc(abuflen);
  664. if (abuf == NULL)
  665. goto err;
  666. if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
  667. OPENSSL_free(abuf);
  668. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
  669. goto err;
  670. }
  671. ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
  672. }
  673. }
  674. } else if (i == NID_pkcs7_digest) {
  675. unsigned char md_data[EVP_MAX_MD_SIZE];
  676. unsigned int md_len;
  677. if (!PKCS7_find_digest(&mdc, bio,
  678. OBJ_obj2nid(p7->d.digest->md->algorithm)))
  679. goto err;
  680. if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
  681. goto err;
  682. if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
  683. goto err;
  684. }
  685. if (!PKCS7_is_detached(p7)) {
  686. /*
  687. * NOTE(emilia): I think we only reach os == NULL here because detached
  688. * digested data support is broken.
  689. */
  690. if (os == NULL)
  691. goto err;
  692. if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
  693. char *cont;
  694. long contlen;
  695. btmp = BIO_find_type(bio, BIO_TYPE_MEM);
  696. if (btmp == NULL) {
  697. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
  698. goto err;
  699. }
  700. contlen = BIO_get_mem_data(btmp, &cont);
  701. /*
  702. * Mark the BIO read only then we can use its copy of the data
  703. * instead of making an extra copy.
  704. */
  705. BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
  706. BIO_set_mem_eof_return(btmp, 0);
  707. ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
  708. }
  709. }
  710. ret = 1;
  711. err:
  712. EVP_MD_CTX_free(ctx_tmp);
  713. return ret;
  714. }
  715. int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
  716. {
  717. EVP_MD_CTX *mctx;
  718. EVP_PKEY_CTX *pctx = NULL;
  719. unsigned char *abuf = NULL;
  720. int alen;
  721. size_t siglen;
  722. const EVP_MD *md = NULL;
  723. md = EVP_get_digestbyobj(si->digest_alg->algorithm);
  724. if (md == NULL)
  725. return 0;
  726. mctx = EVP_MD_CTX_new();
  727. if (mctx == NULL) {
  728. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
  729. goto err;
  730. }
  731. if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
  732. goto err;
  733. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
  734. EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
  735. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
  736. goto err;
  737. }
  738. alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
  739. ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
  740. if (!abuf)
  741. goto err;
  742. if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
  743. goto err;
  744. OPENSSL_free(abuf);
  745. abuf = NULL;
  746. if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
  747. goto err;
  748. abuf = OPENSSL_malloc(siglen);
  749. if (abuf == NULL)
  750. goto err;
  751. if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
  752. goto err;
  753. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
  754. EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
  755. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
  756. goto err;
  757. }
  758. EVP_MD_CTX_free(mctx);
  759. ASN1_STRING_set0(si->enc_digest, abuf, siglen);
  760. return 1;
  761. err:
  762. OPENSSL_free(abuf);
  763. EVP_MD_CTX_free(mctx);
  764. return 0;
  765. }
  766. int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
  767. PKCS7 *p7, PKCS7_SIGNER_INFO *si)
  768. {
  769. PKCS7_ISSUER_AND_SERIAL *ias;
  770. int ret = 0, i;
  771. STACK_OF(X509) *cert;
  772. X509 *x509;
  773. if (p7 == NULL) {
  774. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
  775. return 0;
  776. }
  777. if (p7->d.ptr == NULL) {
  778. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
  779. return 0;
  780. }
  781. if (PKCS7_type_is_signed(p7)) {
  782. cert = p7->d.sign->cert;
  783. } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
  784. cert = p7->d.signed_and_enveloped->cert;
  785. } else {
  786. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
  787. goto err;
  788. }
  789. /* XXXXXXXXXXXXXXXXXXXXXXX */
  790. ias = si->issuer_and_serial;
  791. x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
  792. /* were we able to find the cert in passed to us */
  793. if (x509 == NULL) {
  794. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
  795. PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
  796. goto err;
  797. }
  798. /* Lets verify */
  799. if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
  800. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
  801. goto err;
  802. }
  803. X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
  804. i = X509_verify_cert(ctx);
  805. if (i <= 0) {
  806. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
  807. X509_STORE_CTX_cleanup(ctx);
  808. goto err;
  809. }
  810. X509_STORE_CTX_cleanup(ctx);
  811. return PKCS7_signatureVerify(bio, p7, si, x509);
  812. err:
  813. return ret;
  814. }
  815. int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
  816. X509 *x509)
  817. {
  818. ASN1_OCTET_STRING *os;
  819. EVP_MD_CTX *mdc_tmp, *mdc;
  820. int ret = 0, i;
  821. int md_type;
  822. STACK_OF(X509_ATTRIBUTE) *sk;
  823. BIO *btmp;
  824. EVP_PKEY *pkey;
  825. mdc_tmp = EVP_MD_CTX_new();
  826. if (mdc_tmp == NULL) {
  827. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
  828. goto err;
  829. }
  830. if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
  831. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
  832. goto err;
  833. }
  834. md_type = OBJ_obj2nid(si->digest_alg->algorithm);
  835. btmp = bio;
  836. for (;;) {
  837. if ((btmp == NULL) ||
  838. ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
  839. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
  840. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  841. goto err;
  842. }
  843. BIO_get_md_ctx(btmp, &mdc);
  844. if (mdc == NULL) {
  845. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
  846. goto err;
  847. }
  848. if (EVP_MD_CTX_type(mdc) == md_type)
  849. break;
  850. /*
  851. * Workaround for some broken clients that put the signature OID
  852. * instead of the digest OID in digest_alg->algorithm
  853. */
  854. if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
  855. break;
  856. btmp = BIO_next(btmp);
  857. }
  858. /*
  859. * mdc is the digest ctx that we want, unless there are attributes, in
  860. * which case the digest is the signed attributes
  861. */
  862. if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
  863. goto err;
  864. sk = si->auth_attr;
  865. if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
  866. unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
  867. unsigned int md_len;
  868. int alen;
  869. ASN1_OCTET_STRING *message_digest;
  870. if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
  871. goto err;
  872. message_digest = PKCS7_digest_from_attributes(sk);
  873. if (!message_digest) {
  874. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
  875. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  876. goto err;
  877. }
  878. if ((message_digest->length != (int)md_len) ||
  879. (memcmp(message_digest->data, md_dat, md_len))) {
  880. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
  881. ret = -1;
  882. goto err;
  883. }
  884. if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
  885. goto err;
  886. alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
  887. ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
  888. if (alen <= 0) {
  889. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
  890. ret = -1;
  891. goto err;
  892. }
  893. if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
  894. goto err;
  895. OPENSSL_free(abuf);
  896. }
  897. os = si->enc_digest;
  898. pkey = X509_get0_pubkey(x509);
  899. if (!pkey) {
  900. ret = -1;
  901. goto err;
  902. }
  903. i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
  904. if (i <= 0) {
  905. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
  906. ret = -1;
  907. goto err;
  908. }
  909. ret = 1;
  910. err:
  911. EVP_MD_CTX_free(mdc_tmp);
  912. return ret;
  913. }
  914. PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
  915. {
  916. STACK_OF(PKCS7_RECIP_INFO) *rsk;
  917. PKCS7_RECIP_INFO *ri;
  918. int i;
  919. i = OBJ_obj2nid(p7->type);
  920. if (i != NID_pkcs7_signedAndEnveloped)
  921. return NULL;
  922. if (p7->d.signed_and_enveloped == NULL)
  923. return NULL;
  924. rsk = p7->d.signed_and_enveloped->recipientinfo;
  925. if (rsk == NULL)
  926. return NULL;
  927. if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
  928. return NULL;
  929. ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
  930. return ri->issuer_and_serial;
  931. }
  932. ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
  933. {
  934. return get_attribute(si->auth_attr, nid);
  935. }
  936. ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
  937. {
  938. return get_attribute(si->unauth_attr, nid);
  939. }
  940. static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
  941. {
  942. int idx;
  943. X509_ATTRIBUTE *xa;
  944. idx = X509at_get_attr_by_NID(sk, nid, -1);
  945. xa = X509at_get_attr(sk, idx);
  946. return X509_ATTRIBUTE_get0_type(xa, 0);
  947. }
  948. ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
  949. {
  950. ASN1_TYPE *astype;
  951. if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
  952. return NULL;
  953. return astype->value.octet_string;
  954. }
  955. int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
  956. STACK_OF(X509_ATTRIBUTE) *sk)
  957. {
  958. int i;
  959. sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
  960. p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
  961. if (p7si->auth_attr == NULL)
  962. return 0;
  963. for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
  964. if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
  965. X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
  966. (sk, i))))
  967. == NULL)
  968. return 0;
  969. }
  970. return 1;
  971. }
  972. int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
  973. STACK_OF(X509_ATTRIBUTE) *sk)
  974. {
  975. int i;
  976. sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
  977. p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
  978. if (p7si->unauth_attr == NULL)
  979. return 0;
  980. for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
  981. if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
  982. X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
  983. (sk, i))))
  984. == NULL)
  985. return 0;
  986. }
  987. return 1;
  988. }
  989. int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
  990. void *value)
  991. {
  992. return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
  993. }
  994. int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
  995. void *value)
  996. {
  997. return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
  998. }
  999. static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
  1000. void *value)
  1001. {
  1002. X509_ATTRIBUTE *attr = NULL;
  1003. if (*sk == NULL) {
  1004. if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
  1005. return 0;
  1006. new_attrib:
  1007. if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
  1008. return 0;
  1009. if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
  1010. X509_ATTRIBUTE_free(attr);
  1011. return 0;
  1012. }
  1013. } else {
  1014. int i;
  1015. for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
  1016. attr = sk_X509_ATTRIBUTE_value(*sk, i);
  1017. if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
  1018. X509_ATTRIBUTE_free(attr);
  1019. attr = X509_ATTRIBUTE_create(nid, atrtype, value);
  1020. if (attr == NULL)
  1021. return 0;
  1022. if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
  1023. X509_ATTRIBUTE_free(attr);
  1024. return 0;
  1025. }
  1026. goto end;
  1027. }
  1028. }
  1029. goto new_attrib;
  1030. }
  1031. end:
  1032. return 1;
  1033. }