pk7_lib.c 17 KB

  1. /*
  2. * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/objects.h>
  12. #include <openssl/x509.h>
  13. #include "crypto/asn1.h"
  14. #include "crypto/evp.h"
  15. #include "crypto/x509.h" /* for sk_X509_add1_cert() */
  16. #include "pk7_local.h"
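/*
 * Perform a control operation on a PKCS7 structure.
 *
 * Both supported commands apply only to signed-data (NID_pkcs7_signed):
 *
 *   PKCS7_OP_SET_DETACHED_SIGNATURE
 *       Stores (int)larg in p7->detached. When that value is non-zero and
 *       the inner content is of type data, the embedded octet string is
 *       freed so the content is no longer carried in the structure.
 *   PKCS7_OP_GET_DETACHED_SIGNATURE
 *       Yields 1 when no content is embedded and 0 otherwise, and caches
 *       the answer in p7->detached.
 *
 * parg is not read by either command.
 *
 * Returns the command result. 0 is also returned, with an error raised,
 * for an unsupported content type or an unknown command, so a 0 from the
 * SET command with larg == 0 is indistinguishable from an error by return
 * value alone.
 */
long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
{
    int nid;
    long ret;

    nid = OBJ_obj2nid(p7->type);

    switch (cmd) {
    /* NOTE(emilia): does not support detached digested data. */
    case PKCS7_OP_SET_DETACHED_SIGNATURE:
        if (nid == NID_pkcs7_signed) {
            ret = p7->detached = (int)larg;
            /*
             * The GET branch below already tolerates d.sign == NULL; apply
             * the same care here so a structure without its inner
             * SignedData or ContentInfo is not dereferenced.
             */
            if (ret && p7->d.sign != NULL && p7->d.sign->contents != NULL
                && PKCS7_type_is_data(p7->d.sign->contents)) {
                ASN1_OCTET_STRING *os;

                os = p7->d.sign->contents->d.data;
                ASN1_OCTET_STRING_free(os);
                /* Clear the pointer so the freed string is never reused */
                p7->d.sign->contents->d.data = NULL;
            }
        } else {
            PKCS7err(PKCS7_F_PKCS7_CTRL,
                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
            ret = 0;
        }
        break;
    case PKCS7_OP_GET_DETACHED_SIGNATURE:
        if (nid == NID_pkcs7_signed) {
            /* A missing container at any level means nothing is embedded */
            if (p7->d.sign == NULL || p7->d.sign->contents == NULL
                || p7->d.sign->contents->d.ptr == NULL)
                ret = 1;
            else
                ret = 0;

            p7->detached = ret;
        } else {
            PKCS7err(PKCS7_F_PKCS7_CTRL,
                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
            ret = 0;
        }
        break;
    default:
        PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
        ret = 0;
    }
    return ret;
}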
/*
 * Allocate a fresh PKCS7 of the given content type and install it as the
 * inner content of p7.
 *
 * Returns 1 on success. On any failure the newly allocated structure is
 * freed and 0 is returned.
 */
int PKCS7_content_new(PKCS7 *p7, int type)
{
    PKCS7 *inner = PKCS7_new();

    if (inner != NULL
        && PKCS7_set_type(inner, type)
        && PKCS7_set_content(p7, inner))
        return 1;

    /* Still ours: either allocation failed or p7 did not accept it */
    PKCS7_free(inner);
    return 0;
}
/*
 * Replace the inner content of a signed or digest PKCS7 with p7_data.
 *
 * The previous inner content is freed and p7_data is stored in its place
 * without copying. Every other outer type is rejected with
 * PKCS7_R_UNSUPPORTED_CONTENT_TYPE.
 *
 * Returns 1 on success, 0 on error (p7_data is then left untouched).
 */
int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
{
    const int outer_nid = OBJ_obj2nid(p7->type);

    if (outer_nid == NID_pkcs7_signed) {
        PKCS7_free(p7->d.sign->contents);
        p7->d.sign->contents = p7_data;
        return 1;
    }

    if (outer_nid == NID_pkcs7_digest) {
        PKCS7_free(p7->d.digest->contents);
        p7->d.digest->contents = p7_data;
        return 1;
    }

    /* data, enveloped, signedAndEnveloped, encrypted and anything else */
    PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
    return 0;
}
/*
 * Set the content type of p7 and allocate the matching body structure.
 *
 * For each supported NID the type OID is stored, the body is allocated
 * and its version field is initialised (1 for signed and
 * signedAndEnveloped, 0 for enveloped, encrypted and digest). The
 * enveloped variants and the encrypted type also mark their encrypted
 * content as being of type data.
 *
 * NOTE(review): whatever p7->d pointed at before the call is overwritten
 * without being freed here (a PKCS7_content_free() call was commented out
 * at the top of this function in the original); callers presumably pass a
 * structure with no body yet - confirm.
 *
 * Returns 1 on success, 0 on allocation failure or unsupported type.
 */
int PKCS7_set_type(PKCS7 *p7, int type)
{
    ASN1_OBJECT *oid = OBJ_nid2obj(type); /* will not fail */

    switch (type) {
    case NID_pkcs7_signed:
        p7->type = oid;
        p7->d.sign = PKCS7_SIGNED_new();
        if (p7->d.sign == NULL)
            return 0;
        if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
            /* Only this branch releases the body again on failure */
            PKCS7_SIGNED_free(p7->d.sign);
            p7->d.sign = NULL;
            return 0;
        }
        return 1;

    case NID_pkcs7_data:
        p7->type = oid;
        p7->d.data = ASN1_OCTET_STRING_new();
        return p7->d.data == NULL ? 0 : 1;

    case NID_pkcs7_signedAndEnveloped:
        p7->type = oid;
        p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new();
        if (p7->d.signed_and_enveloped == NULL)
            return 0;
        if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
            return 0;
        p7->d.signed_and_enveloped->enc_data->content_type
            = OBJ_nid2obj(NID_pkcs7_data);
        return 1;

    case NID_pkcs7_enveloped:
        p7->type = oid;
        p7->d.enveloped = PKCS7_ENVELOPE_new();
        if (p7->d.enveloped == NULL)
            return 0;
        if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
            return 0;
        p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
        return 1;

    case NID_pkcs7_encrypted:
        p7->type = oid;
        p7->d.encrypted = PKCS7_ENCRYPT_new();
        if (p7->d.encrypted == NULL)
            return 0;
        if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
            return 0;
        p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
        return 1;

    case NID_pkcs7_digest:
        p7->type = oid;
        p7->d.digest = PKCS7_DIGEST_new();
        if (p7->d.digest == NULL)
            return 0;
        if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
            return 0;
        return 1;

    default:
        /* p7->type is left unchanged for an unsupported NID */
        PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
        return 0;
    }
}
/*
 * Give p7 an arbitrary content type with a caller-supplied body.
 *
 * The pointer 'other' is stored as-is (no copy is made). Neither the NID
 * nor the previous body of p7 is checked or freed here. Always returns 1.
 */
int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
{
    ASN1_OBJECT *oid = OBJ_nid2obj(type);

    p7->d.other = other;
    p7->type = oid;
    return 1;
}
/*
 * Append a signer info to a signed or signedAndEnveloped PKCS7.
 *
 * The signer's digest algorithm is added to the structure's digest
 * algorithm set when it is not listed yet (with a NULL parameter), the
 * signer info is tied to the PKCS7 context, and it is then pushed onto
 * the signer stack.
 *
 * Returns 1 on success, 0 on error. This function never frees psi; on
 * failure the caller still has to dispose of it.
 */
int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
{
    STACK_OF(PKCS7_SIGNER_INFO) *signers;
    STACK_OF(X509_ALGOR) *digests;
    X509_ALGOR *alg;
    int idx, md_nid, listed = 0;

    switch (OBJ_obj2nid(p7->type)) {
    case NID_pkcs7_signed:
        signers = p7->d.sign->signer_info;
        digests = p7->d.sign->md_algs;
        break;
    case NID_pkcs7_signedAndEnveloped:
        signers = p7->d.signed_and_enveloped->signer_info;
        digests = p7->d.signed_and_enveloped->md_algs;
        break;
    default:
        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
        return 0;
    }

    md_nid = OBJ_obj2nid(psi->digest_alg->algorithm);

    /* Is the signer's digest already part of the digest algorithm set? */
    for (idx = 0; !listed && idx < sk_X509_ALGOR_num(digests); idx++) {
        alg = sk_X509_ALGOR_value(digests, idx);
        listed = (OBJ_obj2nid(alg->algorithm) == md_nid);
    }

    if (!listed) {
        /* No: build a new entry carrying an explicit NULL parameter */
        alg = X509_ALGOR_new();
        if (alg != NULL)
            alg->parameter = ASN1_TYPE_new();
        if (alg == NULL || alg->parameter == NULL) {
            X509_ALGOR_free(alg);
            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
            return 0;
        }
        alg->algorithm = OBJ_nid2obj(md_nid);
        alg->parameter->type = V_ASN1_NULL;
        if (!sk_X509_ALGOR_push(digests, alg)) {
            X509_ALGOR_free(alg);
            return 0;
        }
    }

    psi->ctx = pkcs7_get0_ctx(p7);
    return sk_PKCS7_SIGNER_INFO_push(signers, psi) ? 1 : 0;
}
/*
 * Add a certificate to the certificate set of a signed or
 * signedAndEnveloped PKCS7.
 *
 * The insertion is delegated to X509_add_cert_new() with
 * X509_ADD_FLAG_UP_REF, so the caller keeps its own reference to x509.
 *
 * Returns the result of X509_add_cert_new(), or 0 with
 * PKCS7_R_WRONG_CONTENT_TYPE raised for any other content type.
 */
int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
{
    STACK_OF(X509) **certs;
    const int nid = OBJ_obj2nid(p7->type);

    if (nid == NID_pkcs7_signed) {
        certs = &(p7->d.sign->cert);
    } else if (nid == NID_pkcs7_signedAndEnveloped) {
        certs = &(p7->d.signed_and_enveloped->cert);
    } else {
        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
        return 0;
    }

    return X509_add_cert_new(certs, x509, X509_ADD_FLAG_UP_REF);
}
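/*
 * Add a CRL to the CRL set of a signed or signedAndEnveloped PKCS7.
 *
 * The CRL stack is created on demand. The stack takes its own reference
 * on crl, so the caller keeps ownership of the reference it passed in.
 *
 * Returns 1 on success, 0 on error (wrong content type, allocation
 * failure, or failure to take the reference).
 */
int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
{
    STACK_OF(X509_CRL) **sk;

    switch (OBJ_obj2nid(p7->type)) {
    case NID_pkcs7_signed:
        sk = &(p7->d.sign->crl);
        break;
    case NID_pkcs7_signedAndEnveloped:
        sk = &(p7->d.signed_and_enveloped->crl);
        break;
    default:
        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
        return 0;
    }

    if (*sk == NULL)
        *sk = sk_X509_CRL_new_null();
    if (*sk == NULL) {
        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    /*
     * Do not store the pointer unless the reference was really taken:
     * otherwise the stack would hold a CRL it does not own and releasing
     * the PKCS7 later would drop a reference belonging to the caller.
     */
    if (!X509_CRL_up_ref(crl))
        return 0;
    if (!sk_X509_CRL_push(*sk, crl)) {
        /* Give back the reference taken just above */
        X509_CRL_free(crl);
        return 0;
    }
    return 1;
}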
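/*
 * Fill in a signer info from a signing certificate, key and digest.
 *
 * Sets the version to 1, copies the issuer name and serial number from
 * x509, stores a new reference to pkey, sets the digest algorithm (with
 * a NULL parameter) and finally asks the key's ASN.1 method to complete
 * the structure through ASN1_PKEY_CTRL_PKCS7_SIGN.
 *
 * Returns 1 on success, 0 on error. A key without a pkey_ctrl method, or
 * one whose method answers -2, is reported as
 * PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE; any other non-positive
 * answer as PKCS7_R_SIGNING_CTRL_FAILURE.
 *
 * NOTE(review): a key already held in p7i->pkey is overwritten without
 * being released; this presumably expects a freshly allocated p7i -
 * confirm against callers.
 */
int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
                          const EVP_MD *dgst)
{
    int ret;

    /* We now need to add another PKCS7_SIGNER_INFO entry */
    if (!ASN1_INTEGER_set(p7i->version, 1))
        goto err;
    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
                       X509_get_issuer_name(x509)))
        goto err;

    /*
     * because ASN1_INTEGER_set is used to set a 'long' we will do things the
     * ugly way.
     */
    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
    if (!(p7i->issuer_and_serial->serial =
          ASN1_INTEGER_dup(X509_get0_serialNumber(x509))))
        goto err;

    /*
     * TODO(3.0) Adapt for provider-native keys
     * Meanwhile, we downgrade the key.
     * #legacy
     */
    if (!evp_pkey_downgrade(pkey)) {
        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
                 PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
        goto err;
    }

    /*
     * lets keep the pkey around for a while: store it only once the
     * reference has actually been taken, so the signer info never holds a
     * key pointer it does not own.
     */
    if (!EVP_PKEY_up_ref(pkey))
        goto err;
    p7i->pkey = pkey;

    /* Set the algorithms */
    X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
                    V_ASN1_NULL, NULL);

    if (pkey->ameth && pkey->ameth->pkey_ctrl) {
        ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i);
        if (ret > 0)
            return 1;
        /* -2 falls through to the "not supported" error below */
        if (ret != -2) {
            PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
                     PKCS7_R_SIGNING_CTRL_FAILURE);
            return 0;
        }
    }
    PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
             PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 err:
    return 0;
}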
/*
 * Create a signer info for (x509, pkey, dgst) and add it to p7.
 *
 * When dgst is NULL the key's default digest is looked up and used;
 * PKCS7_R_NO_DEFAULT_DIGEST is raised if that NID maps to no digest.
 *
 * Returns the new signer info, which has been pushed onto p7's signer
 * stack, or NULL on error (the partially built signer info is freed).
 */
PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
                                       const EVP_MD *dgst)
{
    PKCS7_SIGNER_INFO *info = NULL;

    if (dgst == NULL) {
        int md_nid;

        if (EVP_PKEY_get_default_digest_nid(pkey, &md_nid) <= 0)
            goto fail;
        if ((dgst = EVP_get_digestbynid(md_nid)) == NULL) {
            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST);
            goto fail;
        }
    }

    info = PKCS7_SIGNER_INFO_new();
    if (info != NULL
        && PKCS7_SIGNER_INFO_set(info, x509, pkey, dgst)
        && PKCS7_add_signer(p7, info))
        return info;

 fail:
    PKCS7_SIGNER_INFO_free(info);
    return NULL;
}
/*
 * Return the certificate stack of a signed or signedAndEnveloped PKCS7,
 * or NULL for any other content type. The body pointer (p7->d) is not
 * checked for NULL here.
 */
static STACK_OF(X509) *pkcs7_get_signer_certs(const PKCS7 *p7)
{
    STACK_OF(X509) *certs = NULL;

    if (PKCS7_type_is_signed(p7))
        certs = p7->d.sign->cert;
    else if (PKCS7_type_is_signedAndEnveloped(p7))
        certs = p7->d.signed_and_enveloped->cert;

    return certs;
}
/*
 * Return the recipient info stack of an enveloped or signedAndEnveloped
 * PKCS7, or NULL for any other content type. The body pointer (p7->d) is
 * not checked for NULL here.
 */
static STACK_OF(PKCS7_RECIP_INFO) *pkcs7_get_recipient_info(const PKCS7 *p7)
{
    STACK_OF(PKCS7_RECIP_INFO) *recips = NULL;

    if (PKCS7_type_is_signedAndEnveloped(p7))
        recips = p7->d.signed_and_enveloped->recipientinfo;
    else if (PKCS7_type_is_enveloped(p7))
        recips = p7->d.enveloped->recipientinfo;

    return recips;
}
  356. /*
  357. * Set up the library context into any loaded structure that needs it.
  358. * i.e loaded X509 objects.
  359. */
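void pkcs7_resolve_libctx(PKCS7 *p7)
{
    int i;
    const PKCS7_CTX *ctx = pkcs7_get0_ctx(p7);
    STACK_OF(PKCS7_RECIP_INFO) *rinfos;
    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
    STACK_OF(X509) *certs;

    /*
     * Bail out before touching the body. pkcs7_get0_ctx() yields NULL only
     * for a NULL p7, and the lookups below read p7->type and then follow
     * p7->d without a check of their own, so both a NULL p7 and a
     * structure whose body was never populated have to be rejected first.
     */
    if (ctx == NULL || p7->d.ptr == NULL)
        return;

    rinfos = pkcs7_get_recipient_info(p7);
    sinfos = PKCS7_get_signer_info(p7);
    certs = pkcs7_get_signer_certs(p7);

    /* Certificates carried in the structure */
    for (i = 0; i < sk_X509_num(certs); i++)
        x509_set0_libctx(sk_X509_value(certs, i), ctx->libctx, ctx->propq);

    /* Certificates attached to each recipient */
    for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rinfos); i++) {
        PKCS7_RECIP_INFO *ri = sk_PKCS7_RECIP_INFO_value(rinfos, i);

        x509_set0_libctx(ri->cert, ctx->libctx, ctx->propq);
    }

    /* Signer infos keep a pointer to the owning PKCS7 context */
    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
        PKCS7_SIGNER_INFO *si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);

        if (si != NULL)
            si->ctx = ctx;
    }
}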
/*
 * Return a pointer to the context embedded in p7, or NULL when p7 is
 * NULL. The pointer refers to storage inside p7 itself.
 */
const PKCS7_CTX *pkcs7_get0_ctx(const PKCS7 *p7)
{
    if (p7 == NULL)
        return NULL;
    return &p7->ctx;
}
/* Return the library context stored in ctx, or NULL when ctx is NULL. */
OPENSSL_CTX *pkcs7_ctx_get0_libctx(const PKCS7_CTX *ctx)
{
    if (ctx == NULL)
        return NULL;
    return ctx->libctx;
}
/* Return the property query string stored in ctx, or NULL when ctx is NULL. */
const char *pkcs7_ctx_get0_propq(const PKCS7_CTX *ctx)
{
    if (ctx == NULL)
        return NULL;
    return ctx->propq;
}
/*
 * Set the digest algorithm of a digest-type PKCS7 to md, with an explicit
 * NULL parameter.
 *
 * Returns 0 only when the parameter cannot be allocated.
 *
 * NOTE(review): for any other content type PKCS7_R_WRONG_CONTENT_TYPE is
 * raised but 1 is still returned, so a caller that checks only the return
 * value sees success. Left as-is because existing callers may rely on it;
 * confirm whether 0 is the intended result.
 *
 * NOTE(review): an already present md->parameter is overwritten without
 * being freed - presumably it is unset at this point, confirm.
 */
int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
{
    ASN1_TYPE *null_param;

    if (!PKCS7_type_is_digest(p7)) {
        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
        return 1;
    }

    null_param = ASN1_TYPE_new();
    p7->d.digest->md->parameter = null_param;
    if (null_param == NULL) {
        PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    null_param->type = V_ASN1_NULL;
    p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
    return 1;
}
/*
 * Return the signer info stack of a signed or signedAndEnveloped PKCS7.
 *
 * NULL is returned for a NULL p7, for a structure with no body
 * (p7->d.ptr == NULL) and for every other content type. The returned
 * stack belongs to p7.
 */
STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
{
    STACK_OF(PKCS7_SIGNER_INFO) *signers = NULL;

    /* Check the body pointer before following it into a typed member */
    if (p7 == NULL || p7->d.ptr == NULL)
        return NULL;

    if (PKCS7_type_is_signed(p7))
        signers = p7->d.sign->signer_info;
    else if (PKCS7_type_is_signedAndEnveloped(p7))
        signers = p7->d.signed_and_enveloped->signer_info;

    return signers;
}
/*
 * Hand out the key, digest algorithm and signature algorithm held by a
 * signer info. Each output pointer may be NULL, in which case that item
 * is skipped. The pointers stored are the signer info's own members; no
 * copy is made and no reference is taken.
 */
void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
                                 X509_ALGOR **pdig, X509_ALGOR **psig)
{
    if (pk != NULL)
        *pk = si->pkey;

    if (pdig != NULL)
        *pdig = si->digest_alg;

    if (psig != NULL)
        *psig = si->digest_enc_alg;
}
/*
 * Hand out the key encryption algorithm held by a recipient info. Nothing
 * is done when penc is NULL. The pointer stored is the recipient info's
 * own member; no copy is made.
 */
void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
{
    if (penc == NULL)
        return;

    *penc = ri->key_enc_algor;
}
/*
 * Create a recipient info for certificate x509 and add it to p7.
 *
 * Returns the new recipient info, which has been pushed onto p7's
 * recipient stack and tied to the PKCS7 context, or NULL on error (the
 * partially built recipient info is freed).
 */
PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
{
    PKCS7_RECIP_INFO *recip = PKCS7_RECIP_INFO_new();

    if (recip != NULL
        && PKCS7_RECIP_INFO_set(recip, x509)
        && PKCS7_add_recipient_info(p7, recip)) {
        recip->ctx = pkcs7_get0_ctx(p7);
        return recip;
    }

    PKCS7_RECIP_INFO_free(recip);
    return NULL;
}
/*
 * Push a recipient info onto the recipient stack of an enveloped or
 * signedAndEnveloped PKCS7.
 *
 * Returns 1 on success, 0 on error. PKCS7_R_WRONG_CONTENT_TYPE is raised
 * for any other content type. This function never frees ri.
 */
int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
{
    STACK_OF(PKCS7_RECIP_INFO) *recips;
    const int nid = OBJ_obj2nid(p7->type);

    if (nid == NID_pkcs7_signedAndEnveloped) {
        recips = p7->d.signed_and_enveloped->recipientinfo;
    } else if (nid == NID_pkcs7_enveloped) {
        recips = p7->d.enveloped->recipientinfo;
    } else {
        PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
                 PKCS7_R_WRONG_CONTENT_TYPE);
        return 0;
    }

    return sk_PKCS7_RECIP_INFO_push(recips, ri) ? 1 : 0;
}
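/*
 * Fill in a recipient info from the recipient's certificate.
 *
 * Sets the version to 0, copies the issuer name and serial number from
 * x509, asks the public key's ASN.1 method to set up key encryption
 * through ASN1_PKEY_CTRL_PKCS7_ENCRYPT and finally stores a new reference
 * to x509 in the recipient info.
 *
 * Returns 1 on success, 0 on error. A certificate without a usable public
 * key method, or one whose method answers -2, is reported as
 * PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE; any other
 * non-positive answer as PKCS7_R_ENCRYPTION_CTRL_FAILURE.
 */
int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
{
    int ret;
    EVP_PKEY *pkey = NULL;

    if (!ASN1_INTEGER_set(p7i->version, 0))
        return 0;
    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
                       X509_get_issuer_name(x509)))
        return 0;

    /* Replace the serial with a copy of the certificate's */
    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
    if (!(p7i->issuer_and_serial->serial =
          ASN1_INTEGER_dup(X509_get0_serialNumber(x509))))
        return 0;

    /* get0: the key stays owned by the certificate */
    pkey = X509_get0_pubkey(x509);

    if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
        goto err;
    }

    ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i);
    if (ret == -2) {
        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
        goto err;
    }
    if (ret <= 0) {
        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
                 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
        goto err;
    }

    /*
     * Store the certificate only once the reference has actually been
     * taken, so the recipient info never holds a pointer it does not own.
     */
    if (!X509_up_ref(x509))
        goto err;
    p7i->cert = x509;

    return 1;

 err:
    return 0;
}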
/*
 * Look up the signer's certificate among the certificates carried in a
 * signed PKCS7, matching on the issuer name and serial number recorded in
 * the signer info.
 *
 * Returns the result of X509_find_by_issuer_and_serial(), or NULL when p7
 * is not of type signed. Only the certificates embedded in p7 are
 * searched, and nothing here verifies the certificate that is returned.
 */
X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
    if (!PKCS7_type_is_signed(p7))
        return NULL;

    return X509_find_by_issuer_and_serial(p7->d.sign->cert,
                                          si->issuer_and_serial->issuer,
                                          si->issuer_and_serial->serial);
}
/*
 * Select the content encryption cipher of an enveloped or
 * signedAndEnveloped PKCS7.
 *
 * The only property of the cipher that is checked is that it maps to an
 * object identifier; choosing an acceptable algorithm is left to the
 * caller. The cipher pointer is stored as-is and the encrypted content is
 * tied to the PKCS7 context.
 *
 * Returns 1 on success, 0 on error.
 */
int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
{
    PKCS7_ENC_CONTENT *enc;

    switch (OBJ_obj2nid(p7->type)) {
    case NID_pkcs7_signedAndEnveloped:
        enc = p7->d.signed_and_enveloped->enc_data;
        break;
    case NID_pkcs7_enveloped:
        enc = p7->d.enveloped->enc_data;
        break;
    default:
        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
        return 0;
    }

    /* Check cipher OID exists and has data in it */
    if (EVP_CIPHER_type(cipher) == NID_undef) {
        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
                 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
        return 0;
    }

    enc->cipher = cipher;
    enc->ctx = pkcs7_get0_ctx(p7);
    return 1;
}
  542. /* unfortunately cannot constify BIO_new_NDEF() due to this and CMS_stream() */
/*
 * Prepare the content octet string of p7 for streaming.
 *
 * Locates the octet string that carries the content for the structure's
 * type (allocating it for the two enveloped variants when it is absent),
 * sets ASN1_STRING_FLAG_NDEF on it and stores the address of its data
 * pointer in *boundary.
 *
 * Returns 1 on success, 0 when the type is not supported, no octet string
 * is present, or one could not be allocated.
 */
int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
{
    ASN1_OCTET_STRING *payload = NULL;
    PKCS7_ENC_CONTENT *enc;

    switch (OBJ_obj2nid(p7->type)) {
    case NID_pkcs7_data:
        payload = p7->d.data;
        break;

    case NID_pkcs7_signed:
        payload = p7->d.sign->contents->d.data;
        break;

    case NID_pkcs7_signedAndEnveloped:
        enc = p7->d.signed_and_enveloped->enc_data;
        /* Encrypted content may not exist yet: create it on demand */
        if (enc->enc_data == NULL)
            enc->enc_data = ASN1_OCTET_STRING_new();
        payload = enc->enc_data;
        break;

    case NID_pkcs7_enveloped:
        enc = p7->d.enveloped->enc_data;
        if (enc->enc_data == NULL)
            enc->enc_data = ASN1_OCTET_STRING_new();
        payload = enc->enc_data;
        break;

    default:
        break;
    }

    /* Covers unsupported types, absent content and allocation failure */
    if (payload == NULL)
        return 0;

    payload->flags |= ASN1_STRING_FLAG_NDEF;
    *boundary = &payload->data;
    return 1;
}