2
0

pk7_lib.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640
  1. /* crypto/pkcs7/pk7_lib.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include "internal/cryptlib.h"
  60. #include <openssl/objects.h>
  61. #include <openssl/x509.h>
  62. #include "internal/asn1_int.h"
  63. long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
  64. {
  65. int nid;
  66. long ret;
  67. nid = OBJ_obj2nid(p7->type);
  68. switch (cmd) {
  69. /* NOTE(emilia): does not support detached digested data. */
  70. case PKCS7_OP_SET_DETACHED_SIGNATURE:
  71. if (nid == NID_pkcs7_signed) {
  72. ret = p7->detached = (int)larg;
  73. if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
  74. ASN1_OCTET_STRING *os;
  75. os = p7->d.sign->contents->d.data;
  76. ASN1_OCTET_STRING_free(os);
  77. p7->d.sign->contents->d.data = NULL;
  78. }
  79. } else {
  80. PKCS7err(PKCS7_F_PKCS7_CTRL,
  81. PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
  82. ret = 0;
  83. }
  84. break;
  85. case PKCS7_OP_GET_DETACHED_SIGNATURE:
  86. if (nid == NID_pkcs7_signed) {
  87. if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
  88. ret = 1;
  89. else
  90. ret = 0;
  91. p7->detached = ret;
  92. } else {
  93. PKCS7err(PKCS7_F_PKCS7_CTRL,
  94. PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
  95. ret = 0;
  96. }
  97. break;
  98. default:
  99. PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
  100. ret = 0;
  101. }
  102. return (ret);
  103. }
  104. int PKCS7_content_new(PKCS7 *p7, int type)
  105. {
  106. PKCS7 *ret = NULL;
  107. if ((ret = PKCS7_new()) == NULL)
  108. goto err;
  109. if (!PKCS7_set_type(ret, type))
  110. goto err;
  111. if (!PKCS7_set_content(p7, ret))
  112. goto err;
  113. return (1);
  114. err:
  115. PKCS7_free(ret);
  116. return (0);
  117. }
  118. int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
  119. {
  120. int i;
  121. i = OBJ_obj2nid(p7->type);
  122. switch (i) {
  123. case NID_pkcs7_signed:
  124. PKCS7_free(p7->d.sign->contents);
  125. p7->d.sign->contents = p7_data;
  126. break;
  127. case NID_pkcs7_digest:
  128. PKCS7_free(p7->d.digest->contents);
  129. p7->d.digest->contents = p7_data;
  130. break;
  131. case NID_pkcs7_data:
  132. case NID_pkcs7_enveloped:
  133. case NID_pkcs7_signedAndEnveloped:
  134. case NID_pkcs7_encrypted:
  135. default:
  136. PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  137. goto err;
  138. }
  139. return (1);
  140. err:
  141. return (0);
  142. }
  143. int PKCS7_set_type(PKCS7 *p7, int type)
  144. {
  145. ASN1_OBJECT *obj;
  146. /*
  147. * PKCS7_content_free(p7);
  148. */
  149. obj = OBJ_nid2obj(type); /* will not fail */
  150. switch (type) {
  151. case NID_pkcs7_signed:
  152. p7->type = obj;
  153. if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
  154. goto err;
  155. if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
  156. PKCS7_SIGNED_free(p7->d.sign);
  157. p7->d.sign = NULL;
  158. goto err;
  159. }
  160. break;
  161. case NID_pkcs7_data:
  162. p7->type = obj;
  163. if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL)
  164. goto err;
  165. break;
  166. case NID_pkcs7_signedAndEnveloped:
  167. p7->type = obj;
  168. if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
  169. == NULL)
  170. goto err;
  171. ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
  172. if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
  173. goto err;
  174. p7->d.signed_and_enveloped->enc_data->content_type
  175. = OBJ_nid2obj(NID_pkcs7_data);
  176. break;
  177. case NID_pkcs7_enveloped:
  178. p7->type = obj;
  179. if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
  180. == NULL)
  181. goto err;
  182. if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
  183. goto err;
  184. p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
  185. break;
  186. case NID_pkcs7_encrypted:
  187. p7->type = obj;
  188. if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
  189. == NULL)
  190. goto err;
  191. if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
  192. goto err;
  193. p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
  194. break;
  195. case NID_pkcs7_digest:
  196. p7->type = obj;
  197. if ((p7->d.digest = PKCS7_DIGEST_new())
  198. == NULL)
  199. goto err;
  200. if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
  201. goto err;
  202. break;
  203. default:
  204. PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
  205. goto err;
  206. }
  207. return (1);
  208. err:
  209. return (0);
  210. }
  211. int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
  212. {
  213. p7->type = OBJ_nid2obj(type);
  214. p7->d.other = other;
  215. return 1;
  216. }
  217. int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
  218. {
  219. int i, j, nid;
  220. X509_ALGOR *alg;
  221. STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
  222. STACK_OF(X509_ALGOR) *md_sk;
  223. i = OBJ_obj2nid(p7->type);
  224. switch (i) {
  225. case NID_pkcs7_signed:
  226. signer_sk = p7->d.sign->signer_info;
  227. md_sk = p7->d.sign->md_algs;
  228. break;
  229. case NID_pkcs7_signedAndEnveloped:
  230. signer_sk = p7->d.signed_and_enveloped->signer_info;
  231. md_sk = p7->d.signed_and_enveloped->md_algs;
  232. break;
  233. default:
  234. PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
  235. return (0);
  236. }
  237. nid = OBJ_obj2nid(psi->digest_alg->algorithm);
  238. /* If the digest is not currently listed, add it */
  239. j = 0;
  240. for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
  241. alg = sk_X509_ALGOR_value(md_sk, i);
  242. if (OBJ_obj2nid(alg->algorithm) == nid) {
  243. j = 1;
  244. break;
  245. }
  246. }
  247. if (!j) { /* we need to add another algorithm */
  248. if ((alg = X509_ALGOR_new()) == NULL
  249. || (alg->parameter = ASN1_TYPE_new()) == NULL) {
  250. X509_ALGOR_free(alg);
  251. PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
  252. return (0);
  253. }
  254. alg->algorithm = OBJ_nid2obj(nid);
  255. alg->parameter->type = V_ASN1_NULL;
  256. if (!sk_X509_ALGOR_push(md_sk, alg)) {
  257. X509_ALGOR_free(alg);
  258. return 0;
  259. }
  260. }
  261. if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
  262. return 0;
  263. return (1);
  264. }
  265. int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
  266. {
  267. int i;
  268. STACK_OF(X509) **sk;
  269. i = OBJ_obj2nid(p7->type);
  270. switch (i) {
  271. case NID_pkcs7_signed:
  272. sk = &(p7->d.sign->cert);
  273. break;
  274. case NID_pkcs7_signedAndEnveloped:
  275. sk = &(p7->d.signed_and_enveloped->cert);
  276. break;
  277. default:
  278. PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
  279. return (0);
  280. }
  281. if (*sk == NULL)
  282. *sk = sk_X509_new_null();
  283. if (*sk == NULL) {
  284. PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
  285. return 0;
  286. }
  287. CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
  288. if (!sk_X509_push(*sk, x509)) {
  289. X509_free(x509);
  290. return 0;
  291. }
  292. return (1);
  293. }
  294. int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
  295. {
  296. int i;
  297. STACK_OF(X509_CRL) **sk;
  298. i = OBJ_obj2nid(p7->type);
  299. switch (i) {
  300. case NID_pkcs7_signed:
  301. sk = &(p7->d.sign->crl);
  302. break;
  303. case NID_pkcs7_signedAndEnveloped:
  304. sk = &(p7->d.signed_and_enveloped->crl);
  305. break;
  306. default:
  307. PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
  308. return (0);
  309. }
  310. if (*sk == NULL)
  311. *sk = sk_X509_CRL_new_null();
  312. if (*sk == NULL) {
  313. PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
  314. return 0;
  315. }
  316. CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
  317. if (!sk_X509_CRL_push(*sk, crl)) {
  318. X509_CRL_free(crl);
  319. return 0;
  320. }
  321. return (1);
  322. }
  323. int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
  324. const EVP_MD *dgst)
  325. {
  326. int ret;
  327. /* We now need to add another PKCS7_SIGNER_INFO entry */
  328. if (!ASN1_INTEGER_set(p7i->version, 1))
  329. goto err;
  330. if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
  331. X509_get_issuer_name(x509)))
  332. goto err;
  333. /*
  334. * because ASN1_INTEGER_set is used to set a 'long' we will do things the
  335. * ugly way.
  336. */
  337. ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
  338. if (!(p7i->issuer_and_serial->serial =
  339. ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
  340. goto err;
  341. /* lets keep the pkey around for a while */
  342. CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
  343. p7i->pkey = pkey;
  344. /* Set the algorithms */
  345. X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
  346. V_ASN1_NULL, NULL);
  347. if (pkey->ameth && pkey->ameth->pkey_ctrl) {
  348. ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i);
  349. if (ret > 0)
  350. return 1;
  351. if (ret != -2) {
  352. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
  353. PKCS7_R_SIGNING_CTRL_FAILURE);
  354. return 0;
  355. }
  356. }
  357. PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
  358. PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  359. err:
  360. return 0;
  361. }
  362. PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
  363. const EVP_MD *dgst)
  364. {
  365. PKCS7_SIGNER_INFO *si = NULL;
  366. if (dgst == NULL) {
  367. int def_nid;
  368. if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
  369. goto err;
  370. dgst = EVP_get_digestbynid(def_nid);
  371. if (dgst == NULL) {
  372. PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST);
  373. goto err;
  374. }
  375. }
  376. if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
  377. goto err;
  378. if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
  379. goto err;
  380. if (!PKCS7_add_signer(p7, si))
  381. goto err;
  382. return (si);
  383. err:
  384. PKCS7_SIGNER_INFO_free(si);
  385. return (NULL);
  386. }
  387. int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
  388. {
  389. if (PKCS7_type_is_digest(p7)) {
  390. if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) {
  391. PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
  392. return 0;
  393. }
  394. p7->d.digest->md->parameter->type = V_ASN1_NULL;
  395. p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
  396. return 1;
  397. }
  398. PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
  399. return 1;
  400. }
  401. STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
  402. {
  403. if (p7 == NULL || p7->d.ptr == NULL)
  404. return NULL;
  405. if (PKCS7_type_is_signed(p7)) {
  406. return (p7->d.sign->signer_info);
  407. } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
  408. return (p7->d.signed_and_enveloped->signer_info);
  409. } else
  410. return (NULL);
  411. }
  412. void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
  413. X509_ALGOR **pdig, X509_ALGOR **psig)
  414. {
  415. if (pk)
  416. *pk = si->pkey;
  417. if (pdig)
  418. *pdig = si->digest_alg;
  419. if (psig)
  420. *psig = si->digest_enc_alg;
  421. }
  422. void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
  423. {
  424. if (penc)
  425. *penc = ri->key_enc_algor;
  426. }
  427. PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
  428. {
  429. PKCS7_RECIP_INFO *ri;
  430. if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
  431. goto err;
  432. if (!PKCS7_RECIP_INFO_set(ri, x509))
  433. goto err;
  434. if (!PKCS7_add_recipient_info(p7, ri))
  435. goto err;
  436. return ri;
  437. err:
  438. PKCS7_RECIP_INFO_free(ri);
  439. return NULL;
  440. }
  441. int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
  442. {
  443. int i;
  444. STACK_OF(PKCS7_RECIP_INFO) *sk;
  445. i = OBJ_obj2nid(p7->type);
  446. switch (i) {
  447. case NID_pkcs7_signedAndEnveloped:
  448. sk = p7->d.signed_and_enveloped->recipientinfo;
  449. break;
  450. case NID_pkcs7_enveloped:
  451. sk = p7->d.enveloped->recipientinfo;
  452. break;
  453. default:
  454. PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
  455. PKCS7_R_WRONG_CONTENT_TYPE);
  456. return (0);
  457. }
  458. if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
  459. return 0;
  460. return (1);
  461. }
  462. int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
  463. {
  464. int ret;
  465. EVP_PKEY *pkey = NULL;
  466. if (!ASN1_INTEGER_set(p7i->version, 0))
  467. return 0;
  468. if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
  469. X509_get_issuer_name(x509)))
  470. return 0;
  471. ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
  472. if (!(p7i->issuer_and_serial->serial =
  473. ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
  474. return 0;
  475. pkey = X509_get_pubkey(x509);
  476. if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
  477. PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
  478. PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  479. goto err;
  480. }
  481. ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i);
  482. if (ret == -2) {
  483. PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
  484. PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
  485. goto err;
  486. }
  487. if (ret <= 0) {
  488. PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
  489. PKCS7_R_ENCRYPTION_CTRL_FAILURE);
  490. goto err;
  491. }
  492. EVP_PKEY_free(pkey);
  493. CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
  494. p7i->cert = x509;
  495. return 1;
  496. err:
  497. EVP_PKEY_free(pkey);
  498. return 0;
  499. }
  500. X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
  501. {
  502. if (PKCS7_type_is_signed(p7))
  503. return (X509_find_by_issuer_and_serial(p7->d.sign->cert,
  504. si->issuer_and_serial->issuer,
  505. si->
  506. issuer_and_serial->serial));
  507. else
  508. return (NULL);
  509. }
  510. int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
  511. {
  512. int i;
  513. PKCS7_ENC_CONTENT *ec;
  514. i = OBJ_obj2nid(p7->type);
  515. switch (i) {
  516. case NID_pkcs7_signedAndEnveloped:
  517. ec = p7->d.signed_and_enveloped->enc_data;
  518. break;
  519. case NID_pkcs7_enveloped:
  520. ec = p7->d.enveloped->enc_data;
  521. break;
  522. default:
  523. PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
  524. return (0);
  525. }
  526. /* Check cipher OID exists and has data in it */
  527. i = EVP_CIPHER_type(cipher);
  528. if (i == NID_undef) {
  529. PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
  530. PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
  531. return (0);
  532. }
  533. ec->cipher = cipher;
  534. return 1;
  535. }
  536. int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
  537. {
  538. ASN1_OCTET_STRING *os = NULL;
  539. switch (OBJ_obj2nid(p7->type)) {
  540. case NID_pkcs7_data:
  541. os = p7->d.data;
  542. break;
  543. case NID_pkcs7_signedAndEnveloped:
  544. os = p7->d.signed_and_enveloped->enc_data->enc_data;
  545. if (os == NULL) {
  546. os = ASN1_OCTET_STRING_new();
  547. p7->d.signed_and_enveloped->enc_data->enc_data = os;
  548. }
  549. break;
  550. case NID_pkcs7_enveloped:
  551. os = p7->d.enveloped->enc_data->enc_data;
  552. if (os == NULL) {
  553. os = ASN1_OCTET_STRING_new();
  554. p7->d.enveloped->enc_data->enc_data = os;
  555. }
  556. break;
  557. case NID_pkcs7_signed:
  558. os = p7->d.sign->contents->d.data;
  559. break;
  560. default:
  561. os = NULL;
  562. break;
  563. }
  564. if (os == NULL)
  565. return 0;
  566. os->flags |= ASN1_STRING_FLAG_NDEF;
  567. *boundary = &os->data;
  568. return 1;
  569. }