pk7_doit.c 34 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177
  1. /*
  2. * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/rand.h>
  12. #include <openssl/objects.h>
  13. #include <openssl/x509.h>
  14. #include <openssl/x509v3.h>
  15. #include <openssl/err.h>
  16. static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
  17. void *value);
  18. static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
  19. static int PKCS7_type_is_other(PKCS7 *p7)
  20. {
  21. int isOther = 1;
  22. int nid = OBJ_obj2nid(p7->type);
  23. switch (nid) {
  24. case NID_pkcs7_data:
  25. case NID_pkcs7_signed:
  26. case NID_pkcs7_enveloped:
  27. case NID_pkcs7_signedAndEnveloped:
  28. case NID_pkcs7_digest:
  29. case NID_pkcs7_encrypted:
  30. isOther = 0;
  31. break;
  32. default:
  33. isOther = 1;
  34. }
  35. return isOther;
  36. }
  37. static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
  38. {
  39. if (PKCS7_type_is_data(p7))
  40. return p7->d.data;
  41. if (PKCS7_type_is_other(p7) && p7->d.other
  42. && (p7->d.other->type == V_ASN1_OCTET_STRING))
  43. return p7->d.other->value.octet_string;
  44. return NULL;
  45. }
  46. static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
  47. {
  48. BIO *btmp;
  49. const EVP_MD *md;
  50. if ((btmp = BIO_new(BIO_f_md())) == NULL) {
  51. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
  52. goto err;
  53. }
  54. md = EVP_get_digestbyobj(alg->algorithm);
  55. if (md == NULL) {
  56. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
  57. goto err;
  58. }
  59. BIO_set_md(btmp, md);
  60. if (*pbio == NULL)
  61. *pbio = btmp;
  62. else if (!BIO_push(*pbio, btmp)) {
  63. PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
  64. goto err;
  65. }
  66. btmp = NULL;
  67. return 1;
  68. err:
  69. BIO_free(btmp);
  70. return 0;
  71. }
  72. static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
  73. unsigned char *key, int keylen)
  74. {
  75. EVP_PKEY_CTX *pctx = NULL;
  76. EVP_PKEY *pkey = NULL;
  77. unsigned char *ek = NULL;
  78. int ret = 0;
  79. size_t eklen;
  80. pkey = X509_get0_pubkey(ri->cert);
  81. if (!pkey)
  82. return 0;
  83. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  84. if (!pctx)
  85. return 0;
  86. if (EVP_PKEY_encrypt_init(pctx) <= 0)
  87. goto err;
  88. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
  89. EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
  90. PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
  91. goto err;
  92. }
  93. if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
  94. goto err;
  95. ek = OPENSSL_malloc(eklen);
  96. if (ek == NULL) {
  97. PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
  98. goto err;
  99. }
  100. if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
  101. goto err;
  102. ASN1_STRING_set0(ri->enc_key, ek, eklen);
  103. ek = NULL;
  104. ret = 1;
  105. err:
  106. EVP_PKEY_CTX_free(pctx);
  107. OPENSSL_free(ek);
  108. return ret;
  109. }
  110. static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
  111. PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
  112. {
  113. EVP_PKEY_CTX *pctx = NULL;
  114. unsigned char *ek = NULL;
  115. size_t eklen;
  116. int ret = -1;
  117. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  118. if (!pctx)
  119. return -1;
  120. if (EVP_PKEY_decrypt_init(pctx) <= 0)
  121. goto err;
  122. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
  123. EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
  124. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
  125. goto err;
  126. }
  127. if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
  128. ri->enc_key->data, ri->enc_key->length) <= 0)
  129. goto err;
  130. ek = OPENSSL_malloc(eklen);
  131. if (ek == NULL) {
  132. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
  133. goto err;
  134. }
  135. if (EVP_PKEY_decrypt(pctx, ek, &eklen,
  136. ri->enc_key->data, ri->enc_key->length) <= 0) {
  137. ret = 0;
  138. PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
  139. goto err;
  140. }
  141. ret = 1;
  142. OPENSSL_clear_free(*pek, *peklen);
  143. *pek = ek;
  144. *peklen = eklen;
  145. err:
  146. EVP_PKEY_CTX_free(pctx);
  147. if (!ret)
  148. OPENSSL_free(ek);
  149. return ret;
  150. }
  151. BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
  152. {
  153. int i;
  154. BIO *out = NULL, *btmp = NULL;
  155. X509_ALGOR *xa = NULL;
  156. const EVP_CIPHER *evp_cipher = NULL;
  157. STACK_OF(X509_ALGOR) *md_sk = NULL;
  158. STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
  159. X509_ALGOR *xalg = NULL;
  160. PKCS7_RECIP_INFO *ri = NULL;
  161. ASN1_OCTET_STRING *os = NULL;
  162. if (p7 == NULL) {
  163. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
  164. return NULL;
  165. }
  166. /*
  167. * The content field in the PKCS7 ContentInfo is optional, but that really
  168. * only applies to inner content (precisely, detached signatures).
  169. *
  170. * When reading content, missing outer content is therefore treated as an
  171. * error.
  172. *
  173. * When creating content, PKCS7_content_new() must be called before
  174. * calling this method, so a NULL p7->d is always an error.
  175. */
  176. if (p7->d.ptr == NULL) {
  177. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
  178. return NULL;
  179. }
  180. i = OBJ_obj2nid(p7->type);
  181. p7->state = PKCS7_S_HEADER;
  182. switch (i) {
  183. case NID_pkcs7_signed:
  184. md_sk = p7->d.sign->md_algs;
  185. os = PKCS7_get_octet_string(p7->d.sign->contents);
  186. break;
  187. case NID_pkcs7_signedAndEnveloped:
  188. rsk = p7->d.signed_and_enveloped->recipientinfo;
  189. md_sk = p7->d.signed_and_enveloped->md_algs;
  190. xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
  191. evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
  192. if (evp_cipher == NULL) {
  193. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
  194. goto err;
  195. }
  196. break;
  197. case NID_pkcs7_enveloped:
  198. rsk = p7->d.enveloped->recipientinfo;
  199. xalg = p7->d.enveloped->enc_data->algorithm;
  200. evp_cipher = p7->d.enveloped->enc_data->cipher;
  201. if (evp_cipher == NULL) {
  202. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
  203. goto err;
  204. }
  205. break;
  206. case NID_pkcs7_digest:
  207. xa = p7->d.digest->md;
  208. os = PKCS7_get_octet_string(p7->d.digest->contents);
  209. break;
  210. case NID_pkcs7_data:
  211. break;
  212. default:
  213. PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  214. goto err;
  215. }
  216. for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
  217. if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
  218. goto err;
  219. if (xa && !PKCS7_bio_add_digest(&out, xa))
  220. goto err;
  221. if (evp_cipher != NULL) {
  222. unsigned char key[EVP_MAX_KEY_LENGTH];
  223. unsigned char iv[EVP_MAX_IV_LENGTH];
  224. int keylen, ivlen;
  225. EVP_CIPHER_CTX *ctx;
  226. if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
  227. PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
  228. goto err;
  229. }
  230. BIO_get_cipher_ctx(btmp, &ctx);
  231. keylen = EVP_CIPHER_key_length(evp_cipher);
  232. ivlen = EVP_CIPHER_iv_length(evp_cipher);
  233. xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
  234. if (ivlen > 0)
  235. if (RAND_bytes(iv, ivlen) <= 0)
  236. goto err;
  237. if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
  238. goto err;
  239. if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
  240. goto err;
  241. if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
  242. goto err;
  243. if (ivlen > 0) {
  244. if (xalg->parameter == NULL) {
  245. xalg->parameter = ASN1_TYPE_new();
  246. if (xalg->parameter == NULL)
  247. goto err;
  248. }
  249. if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
  250. goto err;
  251. }
  252. /* Lets do the pub key stuff :-) */
  253. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  254. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  255. if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
  256. goto err;
  257. }
  258. OPENSSL_cleanse(key, keylen);
  259. if (out == NULL)
  260. out = btmp;
  261. else
  262. BIO_push(out, btmp);
  263. btmp = NULL;
  264. }
  265. if (bio == NULL) {
  266. if (PKCS7_is_detached(p7))
  267. bio = BIO_new(BIO_s_null());
  268. else if (os && os->length > 0)
  269. bio = BIO_new_mem_buf(os->data, os->length);
  270. if (bio == NULL) {
  271. bio = BIO_new(BIO_s_mem());
  272. if (bio == NULL)
  273. goto err;
  274. BIO_set_mem_eof_return(bio, 0);
  275. }
  276. }
  277. if (out)
  278. BIO_push(out, bio);
  279. else
  280. out = bio;
  281. return out;
  282. err:
  283. BIO_free_all(out);
  284. BIO_free_all(btmp);
  285. return NULL;
  286. }
  287. static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
  288. {
  289. int ret;
  290. ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
  291. X509_get_issuer_name(pcert));
  292. if (ret)
  293. return ret;
  294. return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
  295. ri->issuer_and_serial->serial);
  296. }
  297. /* int */
  298. BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
  299. {
  300. int i, j;
  301. BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
  302. X509_ALGOR *xa;
  303. ASN1_OCTET_STRING *data_body = NULL;
  304. const EVP_MD *evp_md;
  305. const EVP_CIPHER *evp_cipher = NULL;
  306. EVP_CIPHER_CTX *evp_ctx = NULL;
  307. X509_ALGOR *enc_alg = NULL;
  308. STACK_OF(X509_ALGOR) *md_sk = NULL;
  309. STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
  310. PKCS7_RECIP_INFO *ri = NULL;
  311. unsigned char *ek = NULL, *tkey = NULL;
  312. int eklen = 0, tkeylen = 0;
  313. if (p7 == NULL) {
  314. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
  315. return NULL;
  316. }
  317. if (p7->d.ptr == NULL) {
  318. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
  319. return NULL;
  320. }
  321. i = OBJ_obj2nid(p7->type);
  322. p7->state = PKCS7_S_HEADER;
  323. switch (i) {
  324. case NID_pkcs7_signed:
  325. /*
  326. * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
  327. * field and optional content.
  328. * data_body is NULL if that structure has no (=detached) content
  329. * or if the contentType is wrong (i.e., not "data").
  330. */
  331. data_body = PKCS7_get_octet_string(p7->d.sign->contents);
  332. if (!PKCS7_is_detached(p7) && data_body == NULL) {
  333. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  334. PKCS7_R_INVALID_SIGNED_DATA_TYPE);
  335. goto err;
  336. }
  337. md_sk = p7->d.sign->md_algs;
  338. break;
  339. case NID_pkcs7_signedAndEnveloped:
  340. rsk = p7->d.signed_and_enveloped->recipientinfo;
  341. md_sk = p7->d.signed_and_enveloped->md_algs;
  342. /* data_body is NULL if the optional EncryptedContent is missing. */
  343. data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
  344. enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
  345. evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
  346. if (evp_cipher == NULL) {
  347. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  348. PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
  349. goto err;
  350. }
  351. break;
  352. case NID_pkcs7_enveloped:
  353. rsk = p7->d.enveloped->recipientinfo;
  354. enc_alg = p7->d.enveloped->enc_data->algorithm;
  355. /* data_body is NULL if the optional EncryptedContent is missing. */
  356. data_body = p7->d.enveloped->enc_data->enc_data;
  357. evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
  358. if (evp_cipher == NULL) {
  359. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  360. PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
  361. goto err;
  362. }
  363. break;
  364. default:
  365. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  366. goto err;
  367. }
  368. /* Detached content must be supplied via in_bio instead. */
  369. if (data_body == NULL && in_bio == NULL) {
  370. PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
  371. goto err;
  372. }
  373. /* We will be checking the signature */
  374. if (md_sk != NULL) {
  375. for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
  376. xa = sk_X509_ALGOR_value(md_sk, i);
  377. if ((btmp = BIO_new(BIO_f_md())) == NULL) {
  378. PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
  379. goto err;
  380. }
  381. j = OBJ_obj2nid(xa->algorithm);
  382. evp_md = EVP_get_digestbynid(j);
  383. if (evp_md == NULL) {
  384. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  385. PKCS7_R_UNKNOWN_DIGEST_TYPE);
  386. goto err;
  387. }
  388. BIO_set_md(btmp, evp_md);
  389. if (out == NULL)
  390. out = btmp;
  391. else
  392. BIO_push(out, btmp);
  393. btmp = NULL;
  394. }
  395. }
  396. if (evp_cipher != NULL) {
  397. if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
  398. PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
  399. goto err;
  400. }
  401. /*
  402. * It was encrypted, we need to decrypt the secret key with the
  403. * private key
  404. */
  405. /*
  406. * Find the recipientInfo which matches the passed certificate (if
  407. * any)
  408. */
  409. if (pcert) {
  410. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  411. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  412. if (!pkcs7_cmp_ri(ri, pcert))
  413. break;
  414. ri = NULL;
  415. }
  416. if (ri == NULL) {
  417. PKCS7err(PKCS7_F_PKCS7_DATADECODE,
  418. PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
  419. goto err;
  420. }
  421. }
  422. /* If we haven't got a certificate try each ri in turn */
  423. if (pcert == NULL) {
  424. /*
  425. * Always attempt to decrypt all rinfo even after success as a
  426. * defence against MMA timing attacks.
  427. */
  428. for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
  429. ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
  430. if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
  431. goto err;
  432. ERR_clear_error();
  433. }
  434. } else {
  435. /* Only exit on fatal errors, not decrypt failure */
  436. if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
  437. goto err;
  438. ERR_clear_error();
  439. }
  440. evp_ctx = NULL;
  441. BIO_get_cipher_ctx(etmp, &evp_ctx);
  442. if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
  443. goto err;
  444. if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
  445. goto err;
  446. /* Generate random key as MMA defence */
  447. tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
  448. tkey = OPENSSL_malloc(tkeylen);
  449. if (tkey == NULL)
  450. goto err;
  451. if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
  452. goto err;
  453. if (ek == NULL) {
  454. ek = tkey;
  455. eklen = tkeylen;
  456. tkey = NULL;
  457. }
  458. if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
  459. /*
  460. * Some S/MIME clients don't use the same key and effective key
  461. * length. The key length is determined by the size of the
  462. * decrypted RSA key.
  463. */
  464. if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
  465. /* Use random key as MMA defence */
  466. OPENSSL_clear_free(ek, eklen);
  467. ek = tkey;
  468. eklen = tkeylen;
  469. tkey = NULL;
  470. }
  471. }
  472. /* Clear errors so we don't leak information useful in MMA */
  473. ERR_clear_error();
  474. if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
  475. goto err;
  476. OPENSSL_clear_free(ek, eklen);
  477. ek = NULL;
  478. OPENSSL_clear_free(tkey, tkeylen);
  479. tkey = NULL;
  480. if (out == NULL)
  481. out = etmp;
  482. else
  483. BIO_push(out, etmp);
  484. etmp = NULL;
  485. }
  486. if (in_bio != NULL) {
  487. bio = in_bio;
  488. } else {
  489. if (data_body->length > 0)
  490. bio = BIO_new_mem_buf(data_body->data, data_body->length);
  491. else {
  492. bio = BIO_new(BIO_s_mem());
  493. if (bio == NULL)
  494. goto err;
  495. BIO_set_mem_eof_return(bio, 0);
  496. }
  497. if (bio == NULL)
  498. goto err;
  499. }
  500. BIO_push(out, bio);
  501. bio = NULL;
  502. return out;
  503. err:
  504. OPENSSL_clear_free(ek, eklen);
  505. OPENSSL_clear_free(tkey, tkeylen);
  506. BIO_free_all(out);
  507. BIO_free_all(btmp);
  508. BIO_free_all(etmp);
  509. BIO_free_all(bio);
  510. return NULL;
  511. }
  512. static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
  513. {
  514. for (;;) {
  515. bio = BIO_find_type(bio, BIO_TYPE_MD);
  516. if (bio == NULL) {
  517. PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
  518. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  519. return NULL;
  520. }
  521. BIO_get_md_ctx(bio, pmd);
  522. if (*pmd == NULL) {
  523. PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
  524. return NULL;
  525. }
  526. if (EVP_MD_CTX_type(*pmd) == nid)
  527. return bio;
  528. bio = BIO_next(bio);
  529. }
  530. return NULL;
  531. }
  532. static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
  533. {
  534. unsigned char md_data[EVP_MAX_MD_SIZE];
  535. unsigned int md_len;
  536. /* Add signing time if not already present */
  537. if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
  538. if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
  539. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
  540. return 0;
  541. }
  542. }
  543. /* Add digest */
  544. if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
  545. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
  546. return 0;
  547. }
  548. if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
  549. PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
  550. return 0;
  551. }
  552. /* Now sign the attributes */
  553. if (!PKCS7_SIGNER_INFO_sign(si))
  554. return 0;
  555. return 1;
  556. }
  557. int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
  558. {
  559. int ret = 0;
  560. int i, j;
  561. BIO *btmp;
  562. PKCS7_SIGNER_INFO *si;
  563. EVP_MD_CTX *mdc, *ctx_tmp;
  564. STACK_OF(X509_ATTRIBUTE) *sk;
  565. STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
  566. ASN1_OCTET_STRING *os = NULL;
  567. if (p7 == NULL) {
  568. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
  569. return 0;
  570. }
  571. if (p7->d.ptr == NULL) {
  572. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
  573. return 0;
  574. }
  575. ctx_tmp = EVP_MD_CTX_new();
  576. if (ctx_tmp == NULL) {
  577. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  578. return 0;
  579. }
  580. i = OBJ_obj2nid(p7->type);
  581. p7->state = PKCS7_S_HEADER;
  582. switch (i) {
  583. case NID_pkcs7_data:
  584. os = p7->d.data;
  585. break;
  586. case NID_pkcs7_signedAndEnveloped:
  587. /* XXXXXXXXXXXXXXXX */
  588. si_sk = p7->d.signed_and_enveloped->signer_info;
  589. os = p7->d.signed_and_enveloped->enc_data->enc_data;
  590. if (os == NULL) {
  591. os = ASN1_OCTET_STRING_new();
  592. if (os == NULL) {
  593. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  594. goto err;
  595. }
  596. p7->d.signed_and_enveloped->enc_data->enc_data = os;
  597. }
  598. break;
  599. case NID_pkcs7_enveloped:
  600. /* XXXXXXXXXXXXXXXX */
  601. os = p7->d.enveloped->enc_data->enc_data;
  602. if (os == NULL) {
  603. os = ASN1_OCTET_STRING_new();
  604. if (os == NULL) {
  605. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
  606. goto err;
  607. }
  608. p7->d.enveloped->enc_data->enc_data = os;
  609. }
  610. break;
  611. case NID_pkcs7_signed:
  612. si_sk = p7->d.sign->signer_info;
  613. os = PKCS7_get_octet_string(p7->d.sign->contents);
  614. /* If detached data then the content is excluded */
  615. if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
  616. ASN1_OCTET_STRING_free(os);
  617. os = NULL;
  618. p7->d.sign->contents->d.data = NULL;
  619. }
  620. break;
  621. case NID_pkcs7_digest:
  622. os = PKCS7_get_octet_string(p7->d.digest->contents);
  623. /* If detached data then the content is excluded */
  624. if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
  625. ASN1_OCTET_STRING_free(os);
  626. os = NULL;
  627. p7->d.digest->contents->d.data = NULL;
  628. }
  629. break;
  630. default:
  631. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  632. goto err;
  633. }
  634. if (si_sk != NULL) {
  635. for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
  636. si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
  637. if (si->pkey == NULL)
  638. continue;
  639. j = OBJ_obj2nid(si->digest_alg->algorithm);
  640. btmp = bio;
  641. btmp = PKCS7_find_digest(&mdc, btmp, j);
  642. if (btmp == NULL)
  643. goto err;
  644. /*
  645. * We now have the EVP_MD_CTX, lets do the signing.
  646. */
  647. if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
  648. goto err;
  649. sk = si->auth_attr;
  650. /*
  651. * If there are attributes, we add the digest attribute and only
  652. * sign the attributes
  653. */
  654. if (sk_X509_ATTRIBUTE_num(sk) > 0) {
  655. if (!do_pkcs7_signed_attrib(si, ctx_tmp))
  656. goto err;
  657. } else {
  658. unsigned char *abuf = NULL;
  659. unsigned int abuflen;
  660. abuflen = EVP_PKEY_size(si->pkey);
  661. abuf = OPENSSL_malloc(abuflen);
  662. if (abuf == NULL)
  663. goto err;
  664. if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
  665. OPENSSL_free(abuf);
  666. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
  667. goto err;
  668. }
  669. ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
  670. }
  671. }
  672. } else if (i == NID_pkcs7_digest) {
  673. unsigned char md_data[EVP_MAX_MD_SIZE];
  674. unsigned int md_len;
  675. if (!PKCS7_find_digest(&mdc, bio,
  676. OBJ_obj2nid(p7->d.digest->md->algorithm)))
  677. goto err;
  678. if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
  679. goto err;
  680. ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
  681. }
  682. if (!PKCS7_is_detached(p7)) {
  683. /*
  684. * NOTE(emilia): I think we only reach os == NULL here because detached
  685. * digested data support is broken.
  686. */
  687. if (os == NULL)
  688. goto err;
  689. if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
  690. char *cont;
  691. long contlen;
  692. btmp = BIO_find_type(bio, BIO_TYPE_MEM);
  693. if (btmp == NULL) {
  694. PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
  695. goto err;
  696. }
  697. contlen = BIO_get_mem_data(btmp, &cont);
  698. /*
  699. * Mark the BIO read only then we can use its copy of the data
  700. * instead of making an extra copy.
  701. */
  702. BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
  703. BIO_set_mem_eof_return(btmp, 0);
  704. ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
  705. }
  706. }
  707. ret = 1;
  708. err:
  709. EVP_MD_CTX_free(ctx_tmp);
  710. return (ret);
  711. }
  712. int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
  713. {
  714. EVP_MD_CTX *mctx;
  715. EVP_PKEY_CTX *pctx;
  716. unsigned char *abuf = NULL;
  717. int alen;
  718. size_t siglen;
  719. const EVP_MD *md = NULL;
  720. md = EVP_get_digestbyobj(si->digest_alg->algorithm);
  721. if (md == NULL)
  722. return 0;
  723. mctx = EVP_MD_CTX_new();
  724. if (mctx == NULL) {
  725. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
  726. goto err;
  727. }
  728. if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
  729. goto err;
  730. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
  731. EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
  732. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
  733. goto err;
  734. }
  735. alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
  736. ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
  737. if (!abuf)
  738. goto err;
  739. if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
  740. goto err;
  741. OPENSSL_free(abuf);
  742. abuf = NULL;
  743. if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
  744. goto err;
  745. abuf = OPENSSL_malloc(siglen);
  746. if (abuf == NULL)
  747. goto err;
  748. if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
  749. goto err;
  750. if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
  751. EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
  752. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
  753. goto err;
  754. }
  755. EVP_MD_CTX_free(mctx);
  756. ASN1_STRING_set0(si->enc_digest, abuf, siglen);
  757. return 1;
  758. err:
  759. OPENSSL_free(abuf);
  760. EVP_MD_CTX_free(mctx);
  761. return 0;
  762. }
  763. int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
  764. PKCS7 *p7, PKCS7_SIGNER_INFO *si)
  765. {
  766. PKCS7_ISSUER_AND_SERIAL *ias;
  767. int ret = 0, i;
  768. STACK_OF(X509) *cert;
  769. X509 *x509;
  770. if (p7 == NULL) {
  771. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
  772. return 0;
  773. }
  774. if (p7->d.ptr == NULL) {
  775. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
  776. return 0;
  777. }
  778. if (PKCS7_type_is_signed(p7)) {
  779. cert = p7->d.sign->cert;
  780. } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
  781. cert = p7->d.signed_and_enveloped->cert;
  782. } else {
  783. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
  784. goto err;
  785. }
  786. /* XXXXXXXXXXXXXXXXXXXXXXX */
  787. ias = si->issuer_and_serial;
  788. x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
  789. /* were we able to find the cert in passed to us */
  790. if (x509 == NULL) {
  791. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
  792. PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
  793. goto err;
  794. }
  795. /* Lets verify */
  796. if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
  797. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
  798. goto err;
  799. }
  800. X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
  801. i = X509_verify_cert(ctx);
  802. if (i <= 0) {
  803. PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
  804. X509_STORE_CTX_cleanup(ctx);
  805. goto err;
  806. }
  807. X509_STORE_CTX_cleanup(ctx);
  808. return PKCS7_signatureVerify(bio, p7, si, x509);
  809. err:
  810. return ret;
  811. }
  812. int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
  813. X509 *x509)
  814. {
  815. ASN1_OCTET_STRING *os;
  816. EVP_MD_CTX *mdc_tmp, *mdc;
  817. int ret = 0, i;
  818. int md_type;
  819. STACK_OF(X509_ATTRIBUTE) *sk;
  820. BIO *btmp;
  821. EVP_PKEY *pkey;
  822. mdc_tmp = EVP_MD_CTX_new();
  823. if (mdc_tmp == NULL) {
  824. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
  825. goto err;
  826. }
  827. if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
  828. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
  829. goto err;
  830. }
  831. md_type = OBJ_obj2nid(si->digest_alg->algorithm);
  832. btmp = bio;
  833. for (;;) {
  834. if ((btmp == NULL) ||
  835. ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
  836. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
  837. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  838. goto err;
  839. }
  840. BIO_get_md_ctx(btmp, &mdc);
  841. if (mdc == NULL) {
  842. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
  843. goto err;
  844. }
  845. if (EVP_MD_CTX_type(mdc) == md_type)
  846. break;
  847. /*
  848. * Workaround for some broken clients that put the signature OID
  849. * instead of the digest OID in digest_alg->algorithm
  850. */
  851. if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
  852. break;
  853. btmp = BIO_next(btmp);
  854. }
  855. /*
  856. * mdc is the digest ctx that we want, unless there are attributes, in
  857. * which case the digest is the signed attributes
  858. */
  859. if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
  860. goto err;
  861. sk = si->auth_attr;
  862. if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
  863. unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
  864. unsigned int md_len;
  865. int alen;
  866. ASN1_OCTET_STRING *message_digest;
  867. if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
  868. goto err;
  869. message_digest = PKCS7_digest_from_attributes(sk);
  870. if (!message_digest) {
  871. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
  872. PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
  873. goto err;
  874. }
  875. if ((message_digest->length != (int)md_len) ||
  876. (memcmp(message_digest->data, md_dat, md_len))) {
  877. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
  878. ret = -1;
  879. goto err;
  880. }
  881. if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
  882. goto err;
  883. alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
  884. ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
  885. if (alen <= 0) {
  886. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
  887. ret = -1;
  888. goto err;
  889. }
  890. if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
  891. goto err;
  892. OPENSSL_free(abuf);
  893. }
  894. os = si->enc_digest;
  895. pkey = X509_get0_pubkey(x509);
  896. if (!pkey) {
  897. ret = -1;
  898. goto err;
  899. }
  900. i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
  901. if (i <= 0) {
  902. PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
  903. ret = -1;
  904. goto err;
  905. }
  906. ret = 1;
  907. err:
  908. EVP_MD_CTX_free(mdc_tmp);
  909. return (ret);
  910. }
  911. PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
  912. {
  913. STACK_OF(PKCS7_RECIP_INFO) *rsk;
  914. PKCS7_RECIP_INFO *ri;
  915. int i;
  916. i = OBJ_obj2nid(p7->type);
  917. if (i != NID_pkcs7_signedAndEnveloped)
  918. return NULL;
  919. if (p7->d.signed_and_enveloped == NULL)
  920. return NULL;
  921. rsk = p7->d.signed_and_enveloped->recipientinfo;
  922. if (rsk == NULL)
  923. return NULL;
  924. if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
  925. return (NULL);
  926. ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
  927. return (ri->issuer_and_serial);
  928. }
  929. ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
  930. {
  931. return (get_attribute(si->auth_attr, nid));
  932. }
  933. ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
  934. {
  935. return (get_attribute(si->unauth_attr, nid));
  936. }
  937. static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
  938. {
  939. int idx;
  940. X509_ATTRIBUTE *xa;
  941. idx = X509at_get_attr_by_NID(sk, nid, -1);
  942. xa = X509at_get_attr(sk, idx);
  943. return X509_ATTRIBUTE_get0_type(xa, 0);
  944. }
  945. ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
  946. {
  947. ASN1_TYPE *astype;
  948. if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
  949. return NULL;
  950. return astype->value.octet_string;
  951. }
  952. int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
  953. STACK_OF(X509_ATTRIBUTE) *sk)
  954. {
  955. int i;
  956. sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
  957. p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
  958. if (p7si->auth_attr == NULL)
  959. return 0;
  960. for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
  961. if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
  962. X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
  963. (sk, i))))
  964. == NULL)
  965. return (0);
  966. }
  967. return (1);
  968. }
  969. int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
  970. STACK_OF(X509_ATTRIBUTE) *sk)
  971. {
  972. int i;
  973. sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
  974. p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
  975. if (p7si->unauth_attr == NULL)
  976. return 0;
  977. for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
  978. if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
  979. X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
  980. (sk, i))))
  981. == NULL)
  982. return (0);
  983. }
  984. return (1);
  985. }
  986. int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
  987. void *value)
  988. {
  989. return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
  990. }
  991. int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
  992. void *value)
  993. {
  994. return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
  995. }
  996. static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
  997. void *value)
  998. {
  999. X509_ATTRIBUTE *attr = NULL;
  1000. if (*sk == NULL) {
  1001. if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
  1002. return 0;
  1003. new_attrib:
  1004. if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
  1005. return 0;
  1006. if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
  1007. X509_ATTRIBUTE_free(attr);
  1008. return 0;
  1009. }
  1010. } else {
  1011. int i;
  1012. for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
  1013. attr = sk_X509_ATTRIBUTE_value(*sk, i);
  1014. if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
  1015. X509_ATTRIBUTE_free(attr);
  1016. attr = X509_ATTRIBUTE_create(nid, atrtype, value);
  1017. if (attr == NULL)
  1018. return 0;
  1019. if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
  1020. X509_ATTRIBUTE_free(attr);
  1021. return 0;
  1022. }
  1023. goto end;
  1024. }
  1025. }
  1026. goto new_attrib;
  1027. }
  1028. end:
  1029. return (1);
  1030. }