62867571 | 1 | /* |
4333b89f | 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
b7617a3a | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
62867571 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
ec577822 BM |
11 | #include <openssl/rand.h> |
12 | #include <openssl/objects.h> | |
13 | #include <openssl/x509.h> | |
5a9a4b29 | 14 | #include <openssl/x509v3.h> |
8f2e4fdf | 15 | #include <openssl/err.h> |
ad57a13b RL |
16 | #include "internal/cryptlib.h" |
17 | #include "internal/sizes.h" | |
90a1f2d7 | 18 | #include "pk7_local.h" |
d02b48c6 | 19 | |
/*
 * Forward declarations for the file-local attribute helpers. Their
 * definitions are not part of the code shown up to this point.
 */
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk,
                         int nid, int atrtype, void *value);
static ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk,
                                int nid);
dfeab068 | 23 | |
/*
 * Tell whether the content type of |p7| falls outside the six PKCS#7 content
 * types listed in the switch below.
 *
 * Returns 0 for data, signed, enveloped, signedAndEnveloped, digest and
 * encrypted content, and 1 for any other NID that OBJ_obj2nid() yields for
 * p7->type.
 *
 * |p7| is dereferenced unconditionally; the caller must pass a non-NULL
 * structure.
 */
int PKCS7_type_is_other(PKCS7 *p7)
{
    switch (OBJ_obj2nid(p7->type)) {
    case NID_pkcs7_data:
    case NID_pkcs7_signed:
    case NID_pkcs7_enveloped:
    case NID_pkcs7_signedAndEnveloped:
    case NID_pkcs7_digest:
    case NID_pkcs7_encrypted:
        return 0;
    default:
        return 1;
    }
}
67fec850 | 46 | |
/*
 * Return the OCTET STRING payload carried by |p7|, or NULL if there is none.
 *
 * - For "data" content this is p7->d.data (which may itself be NULL).
 * - For a content type that PKCS7_type_is_other() reports as "other", the
 *   payload is returned only when p7->d.other is present and is tagged
 *   V_ASN1_OCTET_STRING.
 * - Every other case yields NULL.
 *
 * The returned pointer is the one stored inside |p7|; nothing is copied here.
 */
ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
{
    ASN1_OCTET_STRING *payload = NULL;

    if (PKCS7_type_is_data(p7)) {
        payload = p7->d.data;
    } else if (PKCS7_type_is_other(p7)
               && p7->d.other != NULL
               && p7->d.other->type == V_ASN1_OCTET_STRING) {
        payload = p7->d.other->value.octet_string;
    }

    return payload;
}
67fec850 | 56 | |
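/*
 * Create a message-digest filter BIO for the algorithm named by |alg| and
 * append it to the chain at |*pbio| (or start the chain if |*pbio| is NULL).
 *
 * The digest is looked up by the textual name of alg->algorithm: first with
 * EVP_MD_fetch() using the library context and property query of |ctx|, then,
 * if that yields nothing, with EVP_get_digestbyname().
 *
 * Returns 1 on success and 0 on failure. On failure the new BIO is freed and
 * |*pbio| is left as it was.
 */
static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
                                const PKCS7_CTX *ctx)
{
    BIO *btmp;
    char name[OSSL_MAX_NAME_SIZE];
    EVP_MD *fetched = NULL;
    const EVP_MD *md;
    int md_set;

    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
        goto err;
    }

    OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0);

    /*
     * Mark the error queue so that a failed fetch does not leave stray
     * errors behind when the by-name fallback succeeds.
     */
    (void)ERR_set_mark();
    fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
                           ossl_pkcs7_ctx_get0_propq(ctx));
    if (fetched != NULL)
        md = fetched;
    else
        md = EVP_get_digestbyname(name);

    if (md == NULL) {
        (void)ERR_clear_last_mark();
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
        goto err;
    }
    (void)ERR_pop_to_mark();

    /*
     * A digest BIO whose digest could not be installed must not end up in
     * the chain: data would flow through it without being hashed with the
     * requested algorithm. Treat a failed BIO_set_md() as an error.
     */
    md_set = BIO_set_md(btmp, md) > 0;
    EVP_MD_free(fetched);
    if (!md_set) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
        goto err;
    }

    if (*pbio == NULL)
        *pbio = btmp;
    else if (!BIO_push(*pbio, btmp)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
        goto err;
    }
    /* Ownership of btmp has moved to the chain. */
    btmp = NULL;

    return 1;

 err:
    BIO_free(btmp);
    return 0;
}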
399a6f0b | 103 | |
/*
 * Encrypt the content-encryption key |key| (|keylen| bytes) to the public key
 * of the recipient certificate ri->cert and store the result in ri->enc_key.
 *
 * The public-key context is created with the library context and property
 * query taken from ri->ctx. The output size is queried with a first
 * EVP_PKEY_encrypt() call (NULL output buffer) before the buffer is allocated.
 *
 * Returns 1 on success, 0 on any failure. On success the encrypted-key buffer
 * is handed to ri->enc_key via ASN1_STRING_set0(); on failure it is freed.
 */
static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
                              unsigned char *key, int keylen)
{
    const PKCS7_CTX *ctx = ri->ctx;
    EVP_PKEY *pubkey = X509_get0_pubkey(ri->cert);
    EVP_PKEY_CTX *enc_ctx;
    unsigned char *wrapped = NULL;
    size_t wrapped_len;
    int ok = 0;

    if (pubkey == NULL)
        return 0;

    enc_ctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx),
                                         pubkey,
                                         ossl_pkcs7_ctx_get0_propq(ctx));
    if (enc_ctx == NULL)
        return 0;

    /* First pass only asks how large the encrypted key will be. */
    if (EVP_PKEY_encrypt_init(enc_ctx) <= 0
            || EVP_PKEY_encrypt(enc_ctx, NULL, &wrapped_len, key, keylen) <= 0)
        goto done;

    wrapped = OPENSSL_malloc(wrapped_len);
    if (wrapped == NULL
            || EVP_PKEY_encrypt(enc_ctx, wrapped, &wrapped_len,
                                key, keylen) <= 0)
        goto done;

    /* ri->enc_key now owns the buffer; do not free it below. */
    ASN1_STRING_set0(ri->enc_key, wrapped, wrapped_len);
    wrapped = NULL;
    ok = 1;

 done:
    EVP_PKEY_CTX_free(enc_ctx);
    OPENSSL_free(wrapped);
    return ok;
}
399a6f0b | 147 | |
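/*
 * Try to decrypt the encrypted key in ri->enc_key with |pkey|.
 *
 * |pek|/|peklen| : in/out. On success any key already stored in |*pek| is
 *                  cleared and freed and replaced with the newly decrypted
 *                  key; on failure both are left untouched.
 * |fixlen|       : if non-zero, the decrypted key must be exactly this many
 *                  bytes long, otherwise the attempt counts as a failure.
 *
 * Returns  1  the key was decrypted and stored in |*pek|,
 *          0  decryption ran but failed (bad padding, zero length or a
 *             length other than |fixlen|); an error is raised,
 *         -1  a fatal error occurred before decryption could be attempted
 *             (context creation/initialisation, size query or allocation).
 *
 * Callers distinguish 0 from -1: only -1 is meant to abort processing.
 */
static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey,
                               size_t fixlen)
{
    EVP_PKEY_CTX *pctx = NULL;
    unsigned char *ek = NULL;
    size_t eklen;
    size_t ek_alloc = 0;        /* size actually allocated for ek */
    int ret = -1;
    const PKCS7_CTX *ctx = ri->ctx;

    pctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx), pkey,
                                      ossl_pkcs7_ctx_get0_propq(ctx));
    if (pctx == NULL)
        return -1;

    if (EVP_PKEY_decrypt_init(pctx) <= 0)
        goto err;

    if (EVP_PKEY_is_a(pkey, "RSA")) {
        /*
         * upper layer pkcs7 code incorrectly assumes that a successful RSA
         * decryption means that the key matches ciphertext (which never
         * was the case, implicit rejection or not), so to make it work
         * disable implicit rejection for RSA keys
         *
         * The return value is deliberately not checked here, as in the
         * original code.
         */
        EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
    }

    /* Size query: NULL output buffer. */
    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
                         ri->enc_key->data, ri->enc_key->length) <= 0)
        goto err;

    ek_alloc = eklen;
    ek = OPENSSL_malloc(ek_alloc);
    if (ek == NULL)
        goto err;

    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
                         ri->enc_key->data, ri->enc_key->length) <= 0
            || eklen == 0
            || (fixlen != 0 && eklen != fixlen)) {
        ret = 0;
        ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
        goto err;
    }

    ret = 1;

    OPENSSL_clear_free(*pek, *peklen);
    *pek = ek;
    *peklen = eklen;

 err:
    EVP_PKEY_CTX_free(pctx);
    /*
     * On a failed attempt the buffer can still hold decrypted bytes (for
     * example a well-formed key of the wrong length), so wipe it before
     * releasing it. ek_alloc is used rather than eklen because eklen may
     * have been rewritten by the failed call.
     */
    if (!ret)
        OPENSSL_clear_free(ek, ek_alloc);

    return ret;
}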
399a6f0b | 203 | |
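/*
 * Build the BIO chain used to write (create) the content of |p7|.
 *
 * Depending on the content type the chain consists of
 *   - one digest filter per entry in the structure's md_algs set (signed and
 *     signedAndEnveloped), or one for the digest algorithm (digest),
 *   - a cipher filter set up for encryption with a freshly generated random
 *     key and IV (enveloped and signedAndEnveloped); the random key is
 *     encrypted to every recipient in the recipientinfo stack,
 *   - and finally |bio|. If |bio| is NULL a sink is created here: a null BIO
 *     for detached content, a read-only memory BIO over the existing content
 *     if there is some, or an empty memory BIO otherwise.
 *
 * Returns the head of the chain, or NULL on error. On error the filters
 * created here are freed.
 */
BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
{
    int i;
    BIO *out = NULL, *btmp = NULL;
    X509_ALGOR *xa = NULL;
    EVP_CIPHER *fetched_cipher = NULL;
    const EVP_CIPHER *cipher;
    const EVP_CIPHER *evp_cipher = NULL;
    STACK_OF(X509_ALGOR) *md_sk = NULL;
    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
    X509_ALGOR *xalg = NULL;
    PKCS7_RECIP_INFO *ri = NULL;
    ASN1_OCTET_STRING *os = NULL;
    const PKCS7_CTX *p7_ctx;
    OSSL_LIB_CTX *libctx;
    const char *propq;
    /*
     * Content-encryption key. Declared at function scope so that the error
     * path can wipe it as well as the success path.
     */
    unsigned char key[EVP_MAX_KEY_LENGTH];

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return NULL;
    }
    p7_ctx = ossl_pkcs7_get0_ctx(p7);
    libctx = ossl_pkcs7_ctx_get0_libctx(p7_ctx);
    propq = ossl_pkcs7_ctx_get0_propq(p7_ctx);

    /*
     * The content field in the PKCS7 ContentInfo is optional, but that really
     * only applies to inner content (precisely, detached signatures).
     *
     * When reading content, missing outer content is therefore treated as an
     * error.
     *
     * When creating content, PKCS7_content_new() must be called before
     * calling this method, so a NULL p7->d is always an error.
     */
    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return NULL;
    }

    i = OBJ_obj2nid(p7->type);
    p7->state = PKCS7_S_HEADER;

    /* Collect the digest set, recipients and cipher for this content type. */
    switch (i) {
    case NID_pkcs7_signed:
        md_sk = p7->d.sign->md_algs;
        os = PKCS7_get_octet_string(p7->d.sign->contents);
        break;
    case NID_pkcs7_signedAndEnveloped:
        rsk = p7->d.signed_and_enveloped->recipientinfo;
        md_sk = p7->d.signed_and_enveloped->md_algs;
        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
        if (evp_cipher == NULL) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED);
            goto err;
        }
        break;
    case NID_pkcs7_enveloped:
        rsk = p7->d.enveloped->recipientinfo;
        xalg = p7->d.enveloped->enc_data->algorithm;
        evp_cipher = p7->d.enveloped->enc_data->cipher;
        if (evp_cipher == NULL) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED);
            goto err;
        }
        break;
    case NID_pkcs7_digest:
        xa = p7->d.digest->md;
        os = PKCS7_get_octet_string(p7->d.digest->contents);
        break;
    case NID_pkcs7_data:
        break;
    default:
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
        goto err;
    }

    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
        if (!pkcs7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i), p7_ctx))
            goto err;

    if (xa && !pkcs7_bio_add_digest(&out, xa, p7_ctx))
        goto err;

    if (evp_cipher != NULL) {
        unsigned char iv[EVP_MAX_IV_LENGTH];
        int keylen, ivlen;
        EVP_CIPHER_CTX *ctx;

        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
            goto err;
        }
        BIO_get_cipher_ctx(btmp, &ctx);
        keylen = EVP_CIPHER_get_key_length(evp_cipher);
        ivlen = EVP_CIPHER_get_iv_length(evp_cipher);
        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_get_type(evp_cipher));
        if (ivlen > 0)
            if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
                goto err;

        /*
         * Prefer an implementation fetched for this library context; fall
         * back to the cipher stored in the structure if the fetch fails.
         * Errors from the failed fetch are discarded.
         */
        (void)ERR_set_mark();
        fetched_cipher = EVP_CIPHER_fetch(libctx,
                                          EVP_CIPHER_get0_name(evp_cipher),
                                          propq);
        (void)ERR_pop_to_mark();
        if (fetched_cipher != NULL)
            cipher = fetched_cipher;
        else
            cipher = evp_cipher;

        if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) <= 0)
            goto err;

        EVP_CIPHER_free(fetched_cipher);
        fetched_cipher = NULL;

        /* Generate the random content-encryption key, then install key+IV. */
        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
            goto err;
        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
            goto err;

        if (ivlen > 0) {
            if (xalg->parameter == NULL) {
                xalg->parameter = ASN1_TYPE_new();
                if (xalg->parameter == NULL)
                    goto err;
            }
            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
                goto err;
        }

        /* Lets do the pub key stuff :-) */
        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
            if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
                goto err;
        }
        OPENSSL_cleanse(key, keylen);

        if (out == NULL)
            out = btmp;
        else
            BIO_push(out, btmp);
        btmp = NULL;
    }

    if (bio == NULL) {
        if (PKCS7_is_detached(p7)) {
            bio = BIO_new(BIO_s_null());
        } else if (os && os->length > 0) {
            bio = BIO_new_mem_buf(os->data, os->length);
        } else {
            bio = BIO_new(BIO_s_mem());
            if (bio == NULL)
                goto err;
            BIO_set_mem_eof_return(bio, 0);
        }
        if (bio == NULL)
            goto err;
    }
    if (out)
        BIO_push(out, bio);
    else
        out = bio;
    return out;

 err:
    /*
     * The key may already have been generated when a later step failed
     * (cipher init, parameter encoding, recipient encryption). Wipe the
     * whole buffer; this is harmless if it was never written.
     */
    OPENSSL_cleanse(key, sizeof(key));
    EVP_CIPHER_free(fetched_cipher);
    BIO_free_all(out);
    BIO_free_all(btmp);
    return NULL;
}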
dfeab068 | 379 | |
/*
 * Compare the issuer-and-serial identifier of recipient info |ri| with the
 * issuer name and serial number of certificate |pcert|.
 *
 * Returns 0 when both the issuer name and the serial number compare equal,
 * otherwise the non-zero result of the first comparison that differs (issuer
 * name first, then serial number).
 */
static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
{
    int issuer_diff = X509_NAME_cmp(ri->issuer_and_serial->issuer,
                                    X509_get_issuer_name(pcert));

    if (issuer_diff != 0)
        return issuer_diff;

    return ASN1_INTEGER_cmp(X509_get0_serialNumber(pcert),
                            ri->issuer_and_serial->serial);
}
8f2e4fdf | 390 | |
dfeab068 | 391 | /* int */ |
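/*
 * Build the BIO chain used to read (verify and/or decrypt) the content of
 * |p7|. Only signed, signedAndEnveloped and enveloped content is handled.
 *
 * |pkey|   : private key used to decrypt the recipient's encrypted key.
 * |in_bio| : source of the content when it is not embedded in |p7|
 *            (detached content). If NULL, the embedded content is read
 *            through a memory BIO created here.
 * |pcert|  : optional recipient certificate. If given, only the matching
 *            recipient info is tried; if NULL, every recipient info is tried.
 *
 * Returns the head of the chain (digest filters, then the cipher filter,
 * then the data source), or NULL on error.
 *
 * Security note: the enveloped path is written so that a failed key
 * decryption is not reported to the caller at this point. A random key is
 * always generated and is used in place of the real one when decryption did
 * not produce a usable key, and the error queue is cleared. The in-code
 * comments refer to this as the MMA defence; later edits must not add an
 * early exit or a distinguishable error between key decryption and
 * EVP_CipherInit_ex().
 */
BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
{
    int i, len;
    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
    X509_ALGOR *xa;
    ASN1_OCTET_STRING *data_body = NULL;
    EVP_MD *evp_md = NULL;
    const EVP_MD *md;
    EVP_CIPHER *evp_cipher = NULL;
    const EVP_CIPHER *cipher = NULL;
    EVP_CIPHER_CTX *evp_ctx = NULL;
    X509_ALGOR *enc_alg = NULL;
    STACK_OF(X509_ALGOR) *md_sk = NULL;
    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
    PKCS7_RECIP_INFO *ri = NULL;
    unsigned char *ek = NULL, *tkey = NULL;
    int eklen = 0, tkeylen = 0;
    char name[OSSL_MAX_NAME_SIZE];
    const PKCS7_CTX *p7_ctx;
    OSSL_LIB_CTX *libctx;
    const char *propq;

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return NULL;
    }

    p7_ctx = ossl_pkcs7_get0_ctx(p7);
    libctx = ossl_pkcs7_ctx_get0_libctx(p7_ctx);
    propq = ossl_pkcs7_ctx_get0_propq(p7_ctx);

    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return NULL;
    }

    i = OBJ_obj2nid(p7->type);
    p7->state = PKCS7_S_HEADER;

    switch (i) {
    case NID_pkcs7_signed:
        /*
         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
         * field and optional content.
         * data_body is NULL if that structure has no (=detached) content
         * or if the contentType is wrong (i.e., not "data").
         */
        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
        if (!PKCS7_is_detached(p7) && data_body == NULL) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_SIGNED_DATA_TYPE);
            goto err;
        }
        md_sk = p7->d.sign->md_algs;
        break;
    case NID_pkcs7_signedAndEnveloped:
        rsk = p7->d.signed_and_enveloped->recipientinfo;
        md_sk = p7->d.signed_and_enveloped->md_algs;
        /* data_body is NULL if the optional EncryptedContent is missing. */
        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;

        OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);

        /* Fetch by name first, then fall back to the by-name lookup. */
        (void)ERR_set_mark();
        evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
        if (evp_cipher != NULL)
            cipher = evp_cipher;
        else
            cipher = EVP_get_cipherbyname(name);

        if (cipher == NULL) {
            (void)ERR_clear_last_mark();
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
            goto err;
        }
        (void)ERR_pop_to_mark();
        break;
    case NID_pkcs7_enveloped:
        rsk = p7->d.enveloped->recipientinfo;
        enc_alg = p7->d.enveloped->enc_data->algorithm;
        /* data_body is NULL if the optional EncryptedContent is missing. */
        data_body = p7->d.enveloped->enc_data->enc_data;
        OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);

        (void)ERR_set_mark();
        evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
        if (evp_cipher != NULL)
            cipher = evp_cipher;
        else
            cipher = EVP_get_cipherbyname(name);

        if (cipher == NULL) {
            (void)ERR_clear_last_mark();
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
            goto err;
        }
        (void)ERR_pop_to_mark();
        break;
    default:
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
        goto err;
    }

    /* Detached content must be supplied via in_bio instead. */
    if (data_body == NULL && in_bio == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        goto err;
    }

    /* We will be checking the signature */
    if (md_sk != NULL) {
        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
            xa = sk_X509_ALGOR_value(md_sk, i);
            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
                ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
                goto err;
            }

            OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0);

            (void)ERR_set_mark();
            evp_md = EVP_MD_fetch(libctx, name, propq);
            if (evp_md != NULL)
                md = evp_md;
            else
                md = EVP_get_digestbyname(name);

            if (md == NULL) {
                (void)ERR_clear_last_mark();
                ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
                goto err;
            }
            (void)ERR_pop_to_mark();

            /*
             * Do not chain a digest BIO whose digest could not be set:
             * the signature check later relies on each filter hashing the
             * content with the advertised algorithm.
             */
            if (BIO_set_md(btmp, md) <= 0) {
                EVP_MD_free(evp_md);
                ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
                goto err;
            }
            EVP_MD_free(evp_md);
            if (out == NULL)
                out = btmp;
            else
                BIO_push(out, btmp);
            btmp = NULL;
        }
    }

    if (cipher != NULL) {
        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
            goto err;
        }

        /*
         * It was encrypted, we need to decrypt the secret key with the
         * private key
         */

        /*
         * Find the recipientInfo which matches the passed certificate (if
         * any)
         */

        if (pcert) {
            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
                if (!pkcs7_cmp_ri(ri, pcert))
                    break;
                ri = NULL;
            }
            if (ri == NULL) {
                ERR_raise(ERR_LIB_PKCS7,
                          PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
                goto err;
            }
        }

        /* If we haven't got a certificate try each ri in turn */
        if (pcert == NULL) {
            /*
             * Always attempt to decrypt all rinfo even after success as a
             * defence against MMA timing attacks.
             *
             * The cipher's key length is passed as the required length, so
             * an attempt that yields a key of any other size counts as a
             * failure and does not replace an earlier result.
             */
            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
                ri->ctx = p7_ctx;
                if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey,
                                        EVP_CIPHER_get_key_length(cipher)) < 0)
                    goto err;
                ERR_clear_error();
            }
        } else {
            ri->ctx = p7_ctx;
            /* Only exit on fatal errors, not decrypt failure */
            if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0)
                goto err;
            ERR_clear_error();
        }

        evp_ctx = NULL;
        BIO_get_cipher_ctx(etmp, &evp_ctx);
        if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0)
            goto err;
        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
            goto err;
        /* Generate random key as MMA defence */
        len = EVP_CIPHER_CTX_get_key_length(evp_ctx);
        if (len <= 0)
            goto err;
        tkeylen = (size_t)len;
        tkey = OPENSSL_malloc(tkeylen);
        if (tkey == NULL)
            goto err;
        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
            goto err;
        /* No key was recovered: continue with the random one. */
        if (ek == NULL) {
            ek = tkey;
            eklen = tkeylen;
            tkey = NULL;
        }

        if (eklen != EVP_CIPHER_CTX_get_key_length(evp_ctx)) {
            /*
             * Some S/MIME clients don't use the same key and effective key
             * length. The key length is determined by the size of the
             * decrypted RSA key.
             */
            if (EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen) <= 0) {
                /* Use random key as MMA defence */
                OPENSSL_clear_free(ek, eklen);
                ek = tkey;
                eklen = tkeylen;
                tkey = NULL;
            }
        }
        /* Clear errors so we don't leak information useful in MMA */
        ERR_clear_error();
        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
            goto err;

        /* Key material is no longer needed once the cipher is keyed. */
        OPENSSL_clear_free(ek, eklen);
        ek = NULL;
        OPENSSL_clear_free(tkey, tkeylen);
        tkey = NULL;

        if (out == NULL)
            out = etmp;
        else
            BIO_push(out, etmp);
        etmp = NULL;
    }
    if (in_bio != NULL) {
        bio = in_bio;
    } else {
        /* data_body is non-NULL here: checked above when in_bio is NULL. */
        if (data_body->length > 0)
            bio = BIO_new_mem_buf(data_body->data, data_body->length);
        else {
            bio = BIO_new(BIO_s_mem());
            if (bio == NULL)
                goto err;
            BIO_set_mem_eof_return(bio, 0);
        }
        if (bio == NULL)
            goto err;
    }
    /*
     * NOTE(review): out is still NULL at this point when neither a digest
     * nor a cipher filter was created (signed data whose md_algs set is
     * empty). The function then returns NULL without raising an error;
     * confirm what BIO_push() does with a NULL head and who ends up owning
     * a memory BIO created just above.
     */
    BIO_push(out, bio);
    bio = NULL;
    EVP_CIPHER_free(evp_cipher);
    return out;

 err:
    EVP_CIPHER_free(evp_cipher);
    OPENSSL_clear_free(ek, eklen);
    OPENSSL_clear_free(tkey, tkeylen);
    BIO_free_all(out);
    BIO_free_all(btmp);
    BIO_free_all(etmp);
    BIO_free_all(bio);
    return NULL;
}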
d02b48c6 | 669 | |
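/*
 * Walk the chain starting at |bio| and return the first digest BIO whose
 * digest context has type |nid|. The matching context is stored in |*pmd|.
 *
 * Returns the matching BIO, or NULL (with an error raised) if the chain
 * holds no digest BIO of that type or a digest BIO yields no context.
 */
static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
{
    for (;;) {
        bio = BIO_find_type(bio, BIO_TYPE_MD);
        if (bio == NULL) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            return NULL;
        }
        /*
         * Callers may pass the address of an uninitialised pointer. Reset
         * it first so that the NULL test below reflects what
         * BIO_get_md_ctx() delivered and not stale or indeterminate data.
         */
        *pmd = NULL;
        BIO_get_md_ctx(bio, pmd);
        if (*pmd == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
            return NULL;
        }
        if (EVP_MD_CTX_get_type(*pmd) == nid)
            return bio;
        /* Not the digest we want: continue with the rest of the chain. */
        bio = BIO_next(bio);
    }
}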
c5a55463 | 689 | |
/*
 * Finish signing for a signer that has authenticated attributes.
 *
 * Steps, in order:
 *   1. add a signingTime attribute unless one is already present,
 *   2. finalise the running digest in |mctx| and add it as the digest
 *      attribute,
 *   3. sign the attribute set via PKCS7_SIGNER_INFO_sign().
 *
 * Returns 1 on success, 0 on failure. |mctx| is finalised by this call.
 */
static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
{
    unsigned char digest[EVP_MAX_MD_SIZE];
    unsigned int digest_len;

    /* The time is only added when the caller has not supplied one. */
    if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)
            && !PKCS7_add0_attrib_signing_time(si, NULL)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_PKCS7_LIB);
        return 0;
    }

    if (!EVP_DigestFinal_ex(mctx, digest, &digest_len)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
        return 0;
    }

    if (!PKCS7_add1_attrib_digest(si, digest, digest_len)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_PKCS7_LIB);
        return 0;
    }

    /* The signature covers the attributes, including the digest above. */
    return PKCS7_SIGNER_INFO_sign(si) ? 1 : 0;
}
719 | ||
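/*
 * Finish writing the content of |p7| after the data has been pushed through
 * the chain |bio| (as built by PKCS7_dataInit()).
 *
 * - For every signer that has a private key, the matching digest BIO is
 *   located in |bio| and its context copied. With authenticated attributes
 *   the digest is added as an attribute and the attributes are signed;
 *   without them the digest itself is signed and stored in si->enc_digest.
 * - For digest content the final digest is stored in the structure.
 * - Unless the content is detached (or the octet string is flagged NDEF),
 *   the data collected in the chain's memory BIO becomes the content octet
 *   string.
 *
 * Returns 1 on success, 0 on failure.
 */
int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
{
    int ret = 0;
    int i, j;
    BIO *btmp;
    PKCS7_SIGNER_INFO *si;
    EVP_MD_CTX *mdc = NULL, *ctx_tmp;
    STACK_OF(X509_ATTRIBUTE) *sk;
    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
    ASN1_OCTET_STRING *os = NULL;
    const PKCS7_CTX *p7_ctx;

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return 0;
    }

    p7_ctx = ossl_pkcs7_get0_ctx(p7);

    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return 0;
    }

    ctx_tmp = EVP_MD_CTX_new();
    if (ctx_tmp == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
        return 0;
    }

    i = OBJ_obj2nid(p7->type);
    p7->state = PKCS7_S_HEADER;

    switch (i) {
    case NID_pkcs7_data:
        os = p7->d.data;
        break;
    case NID_pkcs7_signedAndEnveloped:
        /* XXXXXXXXXXXXXXXX */
        si_sk = p7->d.signed_and_enveloped->signer_info;
        os = p7->d.signed_and_enveloped->enc_data->enc_data;
        if (os == NULL) {
            os = ASN1_OCTET_STRING_new();
            if (os == NULL) {
                ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
                goto err;
            }
            p7->d.signed_and_enveloped->enc_data->enc_data = os;
        }
        break;
    case NID_pkcs7_enveloped:
        /* XXXXXXXXXXXXXXXX */
        os = p7->d.enveloped->enc_data->enc_data;
        if (os == NULL) {
            os = ASN1_OCTET_STRING_new();
            if (os == NULL) {
                ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
                goto err;
            }
            p7->d.enveloped->enc_data->enc_data = os;
        }
        break;
    case NID_pkcs7_signed:
        si_sk = p7->d.sign->signer_info;
        os = PKCS7_get_octet_string(p7->d.sign->contents);
        /* If detached data then the content is excluded */
        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
            ASN1_OCTET_STRING_free(os);
            os = NULL;
            p7->d.sign->contents->d.data = NULL;
        }
        break;

    case NID_pkcs7_digest:
        os = PKCS7_get_octet_string(p7->d.digest->contents);
        /* If detached data then the content is excluded */
        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
            ASN1_OCTET_STRING_free(os);
            os = NULL;
            p7->d.digest->contents->d.data = NULL;
        }
        break;

    default:
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
        goto err;
    }

    if (si_sk != NULL) {
        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
            /* Signers without a private key are skipped, not signed. */
            if (si->pkey == NULL)
                continue;

            j = OBJ_obj2nid(si->digest_alg->algorithm);

            btmp = bio;

            btmp = PKCS7_find_digest(&mdc, btmp, j);

            if (btmp == NULL)
                goto err;

            /*
             * We now have the EVP_MD_CTX, lets do the signing.
             *
             * A copy is used so that the context inside the BIO stays
             * usable for other signers with the same digest.
             */
            if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
                goto err;

            sk = si->auth_attr;

            /*
             * If there are attributes, we add the digest attribute and only
             * sign the attributes
             */
            if (sk_X509_ATTRIBUTE_num(sk) > 0) {
                if (!do_pkcs7_signed_attrib(si, ctx_tmp))
                    goto err;
            } else {
                unsigned char *abuf = NULL;
                unsigned int abuflen;
                int sigsize = EVP_PKEY_get_size(si->pkey);

                /*
                 * A zero or negative size means the key cannot report a
                 * signature size. Reject it here instead of letting it
                 * turn into a bogus unsigned allocation length.
                 */
                if (sigsize <= 0) {
                    ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
                    goto err;
                }
                abuflen = (unsigned int)sigsize;
                abuf = OPENSSL_malloc(abuflen);
                if (abuf == NULL)
                    goto err;

                if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
                                      ossl_pkcs7_ctx_get0_libctx(p7_ctx),
                                      ossl_pkcs7_ctx_get0_propq(p7_ctx))) {
                    OPENSSL_free(abuf);
                    ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
                    goto err;
                }
                /* si->enc_digest takes ownership of abuf. */
                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
            }
        }
    } else if (i == NID_pkcs7_digest) {
        /* i still holds the content type: the signer loop did not run. */
        unsigned char md_data[EVP_MAX_MD_SIZE];
        unsigned int md_len;
        if (!PKCS7_find_digest(&mdc, bio,
                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
            goto err;
        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
            goto err;
        if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
            goto err;
    }

    if (!PKCS7_is_detached(p7)) {
        /*
         * NOTE(emilia): I think we only reach os == NULL here because detached
         * digested data support is broken.
         */
        if (os == NULL)
            goto err;
        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
            char *cont;
            long contlen;
            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
            if (btmp == NULL) {
                ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
                goto err;
            }
            contlen = BIO_get_mem_data(btmp, &cont);
            /*
             * Mark the BIO read only then we can use its copy of the data
             * instead of making an extra copy.
             */
            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
            BIO_set_mem_eof_return(btmp, 0);
            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
        }
    }
    ret = 1;
 err:
    EVP_MD_CTX_free(ctx_tmp);
    return ret;
}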
d02b48c6 | 898 | |
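/*
 * Sign the signed attributes of |si|.
 *
 * The DER encoding of si->auth_attr (PKCS7_ATTR_SIGN template) is signed with
 * si->pkey using the digest named by si->digest_alg, and the resulting
 * signature is stored in si->enc_digest, which takes ownership of the buffer.
 *
 * Returns 1 on success and 0 on failure.
 */
int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
{
    EVP_MD_CTX *mctx;
    EVP_PKEY_CTX *pctx = NULL;
    unsigned char *abuf = NULL;
    int alen;
    size_t siglen;
    const EVP_MD *md = NULL;
    const PKCS7_CTX *ctx = si->ctx;

    md = EVP_get_digestbyobj(si->digest_alg->algorithm);
    if (md == NULL)
        return 0;

    mctx = EVP_MD_CTX_new();
    if (mctx == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
        goto err;
    }

    if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_get0_name(md),
                              ossl_pkcs7_ctx_get0_libctx(ctx),
                              ossl_pkcs7_ctx_get0_propq(ctx), si->pkey,
                              NULL) <= 0)
        goto err;

    alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
    /*
     * Check the length as well as the buffer: alen is an int that is passed
     * on as a size below, so a non-positive value must never reach the
     * update call. This matches the alen check in PKCS7_signatureVerify().
     */
    if (alen <= 0 || abuf == NULL)
        goto err;
    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
        goto err;
    OPENSSL_free(abuf);
    abuf = NULL;

    /* First call with a NULL buffer only reports the signature size. */
    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
        goto err;
    abuf = OPENSSL_malloc(siglen);
    if (abuf == NULL)
        goto err;
    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
        goto err;

    EVP_MD_CTX_free(mctx);

    /* abuf now belongs to si->enc_digest and must not be freed here. */
    ASN1_STRING_set0(si->enc_digest, abuf, siglen);

    return 1;

 err:
    OPENSSL_free(abuf);
    EVP_MD_CTX_free(mctx);
    return 0;
}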
76fa8f18 | 952 | |
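/*
 * This partly overlaps with PKCS7_verify(). It does not support flags.
 *
 * Finds the certificate named by si->issuer_and_serial among the certificates
 * carried in |p7|, validates it against |cert_store| for the S/MIME signing
 * purpose, and then checks the signature with PKCS7_signatureVerify().
 *
 * Returns the result of PKCS7_signatureVerify() once the certificate has been
 * validated, and 0 on any earlier failure. PKCS7_signatureVerify() reports
 * some failures as -1, so callers must treat only a positive return value as
 * success; a plain non-zero test would accept a failed verification.
 */
int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
    PKCS7_ISSUER_AND_SERIAL *ias;
    int ret = 0, i;
    STACK_OF(X509) *untrusted;
    STACK_OF(X509_CRL) *crls;
    X509 *signer;

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return 0;
    }

    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return 0;
    }

    /* Only the two signed content types carry certificates and CRLs. */
    if (PKCS7_type_is_signed(p7)) {
        untrusted = p7->d.sign->cert;
        crls = p7->d.sign->crl;
    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
        untrusted = p7->d.signed_and_enveloped->cert;
        crls = p7->d.signed_and_enveloped->crl;
    } else {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE);
        goto err;
    }

    ias = si->issuer_and_serial;

    signer = X509_find_by_issuer_and_serial(untrusted, ias->issuer, ias->serial);

    /* Was the signer certificate among those carried in the message? */
    if (signer == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
        goto err;
    }

    /*
     * Validate the signer certificate. The certificates from the message are
     * passed as untrusted chain-building material only.
     */
    if (!X509_STORE_CTX_init(ctx, cert_store, signer, untrusted)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
        goto err;
    }
    /*
     * Attach the CRLs carried in the message after X509_STORE_CTX_init(),
     * which starts the context from a clean state; CRLs set before that call
     * are not retained for X509_verify_cert().
     */
    X509_STORE_CTX_set0_crls(ctx, crls);
    X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
    i = X509_verify_cert(ctx);
    if (i <= 0) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
        goto err;
    }

    return PKCS7_signatureVerify(bio, p7, si, signer);
 err:
    return ret;
}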
170afce5 DSH |
1012 | |
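/*
 * Verify the signature in |si| over the data digested through |bio|, using
 * the public key of certificate |signer|.
 *
 * The digest BIO matching si->digest_alg is searched for in the chain that
 * starts at |bio|. If signed attributes are present, the computed content
 * digest must equal the messageDigest attribute, and the signature is then
 * checked over the DER encoding of the attributes (PKCS7_ATTR_VERIFY
 * template). Without attributes the signature is checked over the content
 * digest itself.
 *
 * Returns 1 if the signature verifies. Failure is reported as 0 or -1 (-1 for
 * a digest mismatch, an attribute encoding failure, a missing public key or a
 * signature failure), so callers must compare the result against zero with
 * "> 0" / "<= 0" instead of testing it for non-zero.
 *
 * The certificate chain of |signer| is not validated here; PKCS7_dataVerify()
 * does that before it calls this function.
 */
int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                          X509 *signer)
{
    ASN1_OCTET_STRING *os;
    EVP_MD_CTX *mdc_tmp, *mdc;
    const EVP_MD *md;
    EVP_MD *fetched_md = NULL;
    int ret = 0, i;
    int md_type;
    STACK_OF(X509_ATTRIBUTE) *sk;
    BIO *btmp;
    EVP_PKEY *pkey;
    const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
    OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
    const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);

    mdc_tmp = EVP_MD_CTX_new();
    if (mdc_tmp == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
        goto err;
    }

    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE);
        goto err;
    }

    md_type = OBJ_obj2nid(si->digest_alg->algorithm);

    /* Walk the BIO chain until a digest BIO of the wanted type is found. */
    btmp = bio;
    for (;;) {
        if ((btmp == NULL) ||
            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            goto err;
        }
        /*
         * The return value of BIO_get_md_ctx() is not checked, so reset mdc
         * first: the NULL test below must not see an indeterminate or stale
         * pointer if the call did not store anything.
         */
        mdc = NULL;
        BIO_get_md_ctx(btmp, &mdc);
        if (mdc == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
            goto err;
        }
        if (EVP_MD_CTX_get_type(mdc) == md_type)
            break;
        /*
         * Workaround for some broken clients that put the signature OID
         * instead of the digest OID in digest_alg->algorithm
         */
        if (EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type)
            break;
        btmp = BIO_next(btmp);
    }

    /*
     * mdc is the digest ctx that we want, unless there are attributes, in
     * which case the digest is the signed attributes
     */
    if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
        goto err;

    sk = si->auth_attr;
    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
        unsigned int md_len;
        int alen;
        ASN1_OCTET_STRING *message_digest;

        if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
            goto err;
        message_digest = PKCS7_digest_from_attributes(sk);
        if (!message_digest) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            goto err;
        }
        /* The length is compared first so memcmp never reads past either buffer. */
        if ((message_digest->length != (int)md_len) ||
            (memcmp(message_digest->data, md_dat, md_len))) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_DIGEST_FAILURE);
            ret = -1;
            goto err;
        }

        /*
         * Try a provider fetch first and fall back to the legacy lookup. The
         * error mark keeps a failed fetch from leaving an entry on the error
         * queue when the fallback succeeds.
         */
        (void)ERR_set_mark();
        fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);

        if (fetched_md != NULL)
            md = fetched_md;
        else
            md = EVP_get_digestbynid(md_type);

        if (md == NULL || !EVP_VerifyInit_ex(mdc_tmp, md, NULL)) {
            (void)ERR_clear_last_mark();
            goto err;
        }
        (void)ERR_pop_to_mark();

        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
        if (alen <= 0) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
            ret = -1;
            goto err;
        }
        if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) {
            /* abuf is local to this block, so the err path cannot free it. */
            OPENSSL_free(abuf);
            goto err;
        }

        OPENSSL_free(abuf);
    }

    os = si->enc_digest;
    pkey = X509_get0_pubkey(signer);
    if (pkey == NULL) {
        ret = -1;
        goto err;
    }

    i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, libctx, propq);
    if (i <= 0) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE);
        ret = -1;
        goto err;
    }
    ret = 1;
 err:
    EVP_MD_CTX_free(mdc_tmp);
    EVP_MD_free(fetched_md);
    return ret;
}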
d02b48c6 | 1139 | |
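/*
 * Return the issuer-and-serial of recipient number |idx| of a
 * signedAndEnveloped structure.
 *
 * Returns NULL if |p7| is of another type, has no signed_and_enveloped
 * content or recipient list, or if |idx| is outside the list. The returned
 * pointer refers to data inside |p7|; it is not a copy.
 */
PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
{
    STACK_OF(PKCS7_RECIP_INFO) *rsk;
    PKCS7_RECIP_INFO *ri;
    int i;

    i = OBJ_obj2nid(p7->type);
    if (i != NID_pkcs7_signedAndEnveloped)
        return NULL;
    if (p7->d.signed_and_enveloped == NULL)
        return NULL;
    rsk = p7->d.signed_and_enveloped->recipientinfo;
    if (rsk == NULL)
        return NULL;
    /*
     * idx is caller-supplied. A negative value would pass the upper-bound
     * test alone, so both bounds are checked before the element is read.
     */
    if (idx < 0 || sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
        return NULL;
    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
    if (ri == NULL)
        return NULL;
    return ri->issuer_and_serial;
}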
dfeab068 | 1159 | |
/*
 * Look up attribute |nid| among the signed (authenticated) attributes of
 * |si|. Returns whatever get_attribute() returns for si->auth_attr.
 */
ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid)
{
    const STACK_OF(X509_ATTRIBUTE) *signed_attrs = si->auth_attr;

    return get_attribute(signed_attrs, nid);
}
dfeab068 | 1164 | |
/*
 * Look up attribute |nid| among the unsigned (unauthenticated) attributes of
 * |si|. Returns whatever get_attribute() returns for si->unauth_attr.
 */
ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid)
{
    const STACK_OF(X509_ATTRIBUTE) *unsigned_attrs = si->unauth_attr;

    return get_attribute(unsigned_attrs, nid);
}
dfeab068 | 1169 | |
/*
 * Find the first attribute in |sk| whose object matches |nid| and return its
 * first value (value index 0). Returns NULL when the lookup reports a
 * negative index.
 */
static ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk, int nid)
{
    X509_ATTRIBUTE *found;
    int pos;

    /* -1 asks for the search to start at the beginning of the stack. */
    pos = X509at_get_attr_by_NID(sk, nid, -1);
    if (pos >= 0) {
        found = X509at_get_attr(sk, pos);
        return X509_ATTRIBUTE_get0_type(found, 0);
    }
    return NULL;
}
dfeab068 | 1178 | |
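/*
 * Return the value of the PKCS#9 messageDigest attribute in |sk|, or NULL if
 * the attribute is absent or its value is not an OCTET STRING.
 *
 * The returned pointer refers to data inside |sk|; it is not a copy.
 */
ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
{
    ASN1_TYPE *astype;

    if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
        return NULL;
    /*
     * The attributes can come from a parsed message
     * (PKCS7_signatureVerify() passes si->auth_attr). ASN1_TYPE keeps its
     * value in a union, so the octet_string member may be read only after
     * the type tag confirms that this is what the value holds.
     */
    if (astype->type != V_ASN1_OCTET_STRING)
        return NULL;
    return astype->value.octet_string;
}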
dfeab068 | 1186 | |
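/*
 * Replace the signed (authenticated) attributes of |p7si| with a deep copy of
 * |sk|. The previous attributes are freed first.
 *
 * Returns 1 on success and 0 if the copy could not be made, in which case
 * p7si->auth_attr is left NULL.
 */
int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
                                STACK_OF(X509_ATTRIBUTE) *sk)
{
    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
    /*
     * Copy the stack and its elements in one step. Duplicating the stack
     * first and the elements afterwards would, if an element copy failed
     * part-way, leave entries that still belong to the caller's stack inside
     * p7si->auth_attr, where a later pop_free would release them again.
     */
    p7si->auth_attr =
        sk_X509_ATTRIBUTE_deep_copy(sk, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free);
    if (p7si->auth_attr == NULL)
        return 0;
    return 1;
}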
1205 | ||
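/*
 * Replace the unsigned (unauthenticated) attributes of |p7si| with a deep
 * copy of |sk|. The previous attributes are freed first.
 *
 * Returns 1 on success and 0 if the copy could not be made, in which case
 * p7si->unauth_attr is left NULL.
 */
int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
                         STACK_OF(X509_ATTRIBUTE) *sk)
{
    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
    /*
     * Copy the stack and its elements in one step. Duplicating the stack
     * first and the elements afterwards would, if an element copy failed
     * part-way, leave entries that still belong to the caller's stack inside
     * p7si->unauth_attr, where a later pop_free would release them again.
     */
    p7si->unauth_attr =
        sk_X509_ATTRIBUTE_deep_copy(sk, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free);
    if (p7si->unauth_attr == NULL)
        return 0;
    return 1;
}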
dfeab068 | 1224 | |
/*
 * Add attribute |nid| with the given type and value to the signed
 * (authenticated) attributes of |p7si|. Returns the result of
 * add_attribute().
 */
int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                               void *value)
{
    STACK_OF(X509_ATTRIBUTE) **target = &p7si->auth_attr;

    return add_attribute(target, nid, atrtype, value);
}
dfeab068 | 1230 | |
/*
 * Add attribute |nid| with the given type and value to the unsigned
 * (unauthenticated) attributes of |p7si|. Returns the result of
 * add_attribute().
 */
int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                        void *value)
{
    STACK_OF(X509_ATTRIBUTE) **target = &p7si->unauth_attr;

    return add_attribute(target, nid, atrtype, value);
}
dfeab068 | 1236 | |
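/*
 * Set attribute |nid| in the stack |*sk| to a new attribute built from
 * |atrtype| and |value|.
 *
 * If |*sk| is NULL a new stack is created. If an attribute with the same NID
 * is already present it is replaced in place, otherwise the new attribute is
 * appended.
 *
 * Returns 1 on success and 0 on failure. On failure the existing entries of
 * the stack are left untouched.
 */
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                         void *value)
{
    X509_ATTRIBUTE *attr;
    X509_ATTRIBUTE *old;
    int i;

    if (*sk == NULL) {
        if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
            return 0;
    }

    /*
     * Build the new attribute before touching the stack. Freeing the old
     * entry first would leave a dangling pointer in the stack whenever the
     * creation or the replacement below failed.
     */
    attr = X509_ATTRIBUTE_create(nid, atrtype, value);
    if (attr == NULL)
        return 0;

    for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
        old = sk_X509_ATTRIBUTE_value(*sk, i);
        if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(old)) == nid) {
            if (sk_X509_ATTRIBUTE_set(*sk, i, attr) == NULL) {
                X509_ATTRIBUTE_free(attr);
                return 0;
            }
            /* The stack no longer refers to the old entry; release it. */
            X509_ATTRIBUTE_free(old);
            return 1;
        }
    }

    /* No attribute with this NID yet: append. */
    if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
        X509_ATTRIBUTE_free(attr);
        return 0;
    }
    return 1;
}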