Commit | Line | Data |
---|---|---|
62867571 | 1 | /* |
4333b89f | 2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. |
d02b48c6 | 3 | * |
b7617a3a | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
62867571 RS |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
d02b48c6 RE |
8 | */ |
9 | ||
10 | #include <stdio.h> | |
b39fc560 | 11 | #include "internal/cryptlib.h" |
ec577822 BM |
12 | #include <openssl/rand.h> |
13 | #include <openssl/objects.h> | |
14 | #include <openssl/x509.h> | |
5a9a4b29 | 15 | #include <openssl/x509v3.h> |
8f2e4fdf | 16 | #include <openssl/err.h> |
90a1f2d7 | 17 | #include "pk7_local.h" |
d02b48c6 | 18 | |
/*
 * Forward declarations of two file-local attribute helpers. Their
 * definitions are not part of this section of the file.
 */
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk,
                         int nid, int atrtype, void *value);
static ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk,
                                int nid);
dfeab068 | 22 | |
/*
 * Report whether the content type of |p7| is anything other than the six
 * PKCS#7 content types listed below (data, signed, enveloped,
 * signedAndEnveloped, digest, encrypted).
 *
 * Returns 0 for one of those six types and 1 for every other NID.
 * |p7| is dereferenced unconditionally, so callers must pass a non-NULL
 * structure.
 */
int PKCS7_type_is_other(PKCS7 *p7)
{
    switch (OBJ_obj2nid(p7->type)) {
    case NID_pkcs7_data:
    case NID_pkcs7_signed:
    case NID_pkcs7_enveloped:
    case NID_pkcs7_signedAndEnveloped:
    case NID_pkcs7_digest:
    case NID_pkcs7_encrypted:
        return 0;
    default:
        return 1;
    }
}
67fec850 | 45 | |
/*
 * Return the OCTET STRING held by |p7|, or NULL if it holds none.
 *
 * For content type "data" this is p7->d.data (which may itself be NULL).
 * For a type classified as "other" the embedded value is returned only
 * when it is present and tagged V_ASN1_OCTET_STRING.
 *
 * NOTE(review): |p7| is dereferenced without a NULL check; callers in this
 * file pass fields of a parsed structure, so a missing inner ContentInfo
 * would have to be rejected before this point - confirm at the call sites.
 */
ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
{
    if (PKCS7_type_is_data(p7))
        return p7->d.data;

    if (!PKCS7_type_is_other(p7) || p7->d.other == NULL)
        return NULL;

    if (p7->d.other->type != V_ASN1_OCTET_STRING)
        return NULL;

    return p7->d.other->value.octet_string;
}
67fec850 | 55 | |
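/*
 * Create a message-digest filter BIO for the algorithm named by |alg| and
 * append it to the chain in |*pbio|; when |*pbio| is NULL the new BIO
 * becomes the head of the chain.
 *
 * The digest is looked up with EVP_MD_fetch() using the library context
 * and property query taken from |ctx|; if that yields nothing, the lookup
 * falls back to EVP_get_digestbyname(). Errors queued by a failed fetch
 * are dropped through the error mark when the fallback succeeds.
 *
 * Returns 1 on success and 0 on failure (with an error raised). On failure
 * the new BIO is freed and |*pbio| is left as it was.
 */
static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
                                const PKCS7_CTX *ctx)
{
    BIO *btmp;
    const char *name;
    EVP_MD *fetched = NULL;
    const EVP_MD *md;

    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
        goto err;
    }

    name = OBJ_nid2sn(OBJ_obj2nid(alg->algorithm));

    (void)ERR_set_mark();
    fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
                           ossl_pkcs7_ctx_get0_propq(ctx));
    if (fetched != NULL)
        md = fetched;
    else
        md = EVP_get_digestbyname(name);

    if (md == NULL) {
        (void)ERR_clear_last_mark();
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
        goto err;
    }
    (void)ERR_pop_to_mark();

    /*
     * A digest BIO whose digest could not be set must not be linked into
     * the chain: data would pass through it without being hashed.
     */
    if (BIO_set_md(btmp, md) <= 0) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
        goto err;
    }
    /* Release the fetched reference now; cleared so err: cannot free twice */
    EVP_MD_free(fetched);
    fetched = NULL;

    if (*pbio == NULL)
        *pbio = btmp;
    else if (!BIO_push(*pbio, btmp)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
        goto err;
    }
    btmp = NULL;

    return 1;

 err:
    EVP_MD_free(fetched);
    BIO_free(btmp);
    return 0;
}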
399a6f0b | 102 | |
/*
 * Encrypt the content-encryption key |key| (|keylen| bytes) to the public
 * key of the recipient certificate in |ri| and store the result in
 * ri->enc_key.
 *
 * The library context and property query come from ri->ctx. On success
 * ownership of the encrypted-key buffer passes to ri->enc_key.
 *
 * Returns 1 on success, 0 on any failure.
 */
static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
                              unsigned char *key, int keylen)
{
    const PKCS7_CTX *ctx = ri->ctx;
    EVP_PKEY_CTX *pctx = NULL;
    EVP_PKEY *pubkey = NULL;
    unsigned char *wrapped = NULL;
    size_t wrapped_len;
    int ok = 0;

    pubkey = X509_get0_pubkey(ri->cert);
    if (pubkey == NULL)
        return 0;

    pctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx), pubkey,
                                      ossl_pkcs7_ctx_get0_propq(ctx));
    if (pctx == NULL)
        return 0;

    /* The first encrypt call passes no output buffer: it only sizes it */
    if (EVP_PKEY_encrypt_init(pctx) <= 0
            || EVP_PKEY_encrypt(pctx, NULL, &wrapped_len, key, keylen) <= 0)
        goto done;

    wrapped = OPENSSL_malloc(wrapped_len);
    if (wrapped == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        goto done;
    }

    if (EVP_PKEY_encrypt(pctx, wrapped, &wrapped_len, key, keylen) > 0) {
        /* enc_key takes over the buffer, so it must not be freed below */
        ASN1_STRING_set0(ri->enc_key, wrapped, wrapped_len);
        wrapped = NULL;
        ok = 1;
    }

 done:
    EVP_PKEY_CTX_free(pctx);
    OPENSSL_free(wrapped);
    return ok;
}
399a6f0b | 149 | |
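/*
 * Decrypt the encrypted key in ri->enc_key with the private key |pkey|.
 *
 * pek, peklen: in/out. On success the previous |*pek| (if any) is cleansed
 *              and freed and replaced by the newly decrypted key.
 * fixlen:      when non-zero, the decrypted key must be exactly this long.
 *
 * Returns 1 on success, 0 when decryption fails or the key length is not
 * acceptable (|*pek| is left untouched), and -1 on a fatal error such as
 * context creation or allocation failure.
 */
static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey,
                               size_t fixlen)
{
    EVP_PKEY_CTX *pctx = NULL;
    unsigned char *ek = NULL;
    size_t eklen;
    size_t ek_alloc = 0;
    int ret = -1;
    const PKCS7_CTX *ctx = ri->ctx;

    pctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx), pkey,
                                      ossl_pkcs7_ctx_get0_propq(ctx));
    if (pctx == NULL)
        return -1;

    if (EVP_PKEY_decrypt_init(pctx) <= 0)
        goto err;

    /* First call passes no output buffer: it only reports the size needed */
    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
                         ri->enc_key->data, ri->enc_key->length) <= 0)
        goto err;

    /* Remember the allocation size: the second call may change |eklen| */
    ek_alloc = eklen;
    ek = OPENSSL_malloc(ek_alloc);

    if (ek == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
                         ri->enc_key->data, ri->enc_key->length) <= 0
            || eklen == 0
            || (fixlen != 0 && eklen != fixlen)) {
        ret = 0;
        ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
        goto err;
    }

    ret = 1;

    OPENSSL_clear_free(*pek, *peklen);
    *pek = ek;
    *peklen = eklen;

 err:
    EVP_PKEY_CTX_free(pctx);
    /*
     * ret == 0 is the only failure with a live buffer. It can hold a key
     * that decrypted correctly but had the wrong length, so wipe it before
     * releasing it.
     */
    if (!ret)
        OPENSSL_clear_free(ek, ek_alloc);

    return ret;
}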
399a6f0b | 201 | |
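/*
 * Build the BIO chain used to produce the content of |p7|.
 *
 * Depending on the content type the chain gets one digest filter per
 * digest algorithm and, for the enveloped types, a cipher filter keyed
 * with a freshly generated random key; that key is encrypted to every
 * RecipientInfo. |bio|, when given, is appended as the data sink/source;
 * otherwise a null BIO (detached), a memory BIO over the existing content,
 * or an empty memory BIO is created.
 *
 * Returns the head of the chain, or NULL on error. On error every BIO
 * created here is freed; a caller-supplied |bio| is not, because it is
 * only linked in on the success path.
 */
BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
{
    int i;
    BIO *out = NULL, *btmp = NULL;
    X509_ALGOR *xa = NULL;
    EVP_CIPHER *fetched_cipher = NULL;
    const EVP_CIPHER *cipher;
    const EVP_CIPHER *evp_cipher = NULL;
    STACK_OF(X509_ALGOR) *md_sk = NULL;
    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
    X509_ALGOR *xalg = NULL;
    PKCS7_RECIP_INFO *ri = NULL;
    ASN1_OCTET_STRING *os = NULL;
    const PKCS7_CTX *p7_ctx;
    OSSL_LIB_CTX *libctx;
    const char *propq;
    /* Function scope so the err: path can wipe the content key as well */
    unsigned char key[EVP_MAX_KEY_LENGTH];

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return NULL;
    }
    p7_ctx = ossl_pkcs7_get0_ctx(p7);
    libctx = ossl_pkcs7_ctx_get0_libctx(p7_ctx);
    propq = ossl_pkcs7_ctx_get0_propq(p7_ctx);

    /*
     * The content field in the PKCS7 ContentInfo is optional, but that really
     * only applies to inner content (precisely, detached signatures).
     *
     * When reading content, missing outer content is therefore treated as an
     * error.
     *
     * When creating content, PKCS7_content_new() must be called before
     * calling this method, so a NULL p7->d is always an error.
     */
    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return NULL;
    }

    i = OBJ_obj2nid(p7->type);
    p7->state = PKCS7_S_HEADER;

    switch (i) {
    case NID_pkcs7_signed:
        md_sk = p7->d.sign->md_algs;
        os = PKCS7_get_octet_string(p7->d.sign->contents);
        break;
    case NID_pkcs7_signedAndEnveloped:
        rsk = p7->d.signed_and_enveloped->recipientinfo;
        md_sk = p7->d.signed_and_enveloped->md_algs;
        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
        if (evp_cipher == NULL) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED);
            goto err;
        }
        break;
    case NID_pkcs7_enveloped:
        rsk = p7->d.enveloped->recipientinfo;
        xalg = p7->d.enveloped->enc_data->algorithm;
        evp_cipher = p7->d.enveloped->enc_data->cipher;
        if (evp_cipher == NULL) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED);
            goto err;
        }
        break;
    case NID_pkcs7_digest:
        xa = p7->d.digest->md;
        os = PKCS7_get_octet_string(p7->d.digest->contents);
        break;
    case NID_pkcs7_data:
        break;
    default:
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
        goto err;
    }

    /* One digest filter per declared digest algorithm */
    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
        if (!pkcs7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i), p7_ctx))
            goto err;

    if (xa && !pkcs7_bio_add_digest(&out, xa, p7_ctx))
        goto err;

    if (evp_cipher != NULL) {
        unsigned char iv[EVP_MAX_IV_LENGTH];
        int keylen, ivlen;
        EVP_CIPHER_CTX *ctx;

        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
            goto err;
        }
        BIO_get_cipher_ctx(btmp, &ctx);
        keylen = EVP_CIPHER_key_length(evp_cipher);
        ivlen = EVP_CIPHER_iv_length(evp_cipher);
        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
        if (ivlen > 0)
            if (RAND_bytes_ex(libctx, iv, ivlen) <= 0)
                goto err;

        /* Prefer a fetched implementation; fall back to the one supplied */
        (void)ERR_set_mark();
        fetched_cipher = EVP_CIPHER_fetch(libctx,
                                          EVP_CIPHER_name(evp_cipher),
                                          propq);
        (void)ERR_pop_to_mark();
        if (fetched_cipher != NULL)
            cipher = fetched_cipher;
        else
            cipher = evp_cipher;

        if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) <= 0)
            goto err;

        EVP_CIPHER_free(fetched_cipher);
        fetched_cipher = NULL;

        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
            goto err;
        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
            goto err;

        if (ivlen > 0) {
            if (xalg->parameter == NULL) {
                xalg->parameter = ASN1_TYPE_new();
                if (xalg->parameter == NULL)
                    goto err;
            }
            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
                goto err;
        }

        /* Encrypt the content key to every recipient */
        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
            if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
                goto err;
        }
        OPENSSL_cleanse(key, keylen);

        if (out == NULL)
            out = btmp;
        else
            BIO_push(out, btmp);
        btmp = NULL;
    }

    if (bio == NULL) {
        if (PKCS7_is_detached(p7)) {
            bio = BIO_new(BIO_s_null());
        } else if (os && os->length > 0) {
            bio = BIO_new_mem_buf(os->data, os->length);
        } else {
            bio = BIO_new(BIO_s_mem());
            if (bio == NULL)
                goto err;
            BIO_set_mem_eof_return(bio, 0);
        }
        if (bio == NULL)
            goto err;
    }
    if (out)
        BIO_push(out, bio);
    else
        out = bio;
    return out;

 err:
    /*
     * Several failures above happen after the content key was generated;
     * wipe the whole buffer so it does not stay on the stack.
     */
    OPENSSL_cleanse(key, sizeof(key));
    EVP_CIPHER_free(fetched_cipher);
    BIO_free_all(out);
    BIO_free_all(btmp);
    return NULL;
}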
dfeab068 | 377 | |
/*
 * Compare the issuer name and serial number recorded in |ri| with those of
 * the certificate |pcert|.
 *
 * Returns 0 when both match. Otherwise returns the non-zero result of the
 * issuer-name comparison or, if the names match, of the serial comparison.
 */
static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
{
    int issuer_diff = X509_NAME_cmp(ri->issuer_and_serial->issuer,
                                    X509_get_issuer_name(pcert));

    if (issuer_diff != 0)
        return issuer_diff;

    return ASN1_INTEGER_cmp(X509_get0_serialNumber(pcert),
                            ri->issuer_and_serial->serial);
}
8f2e4fdf | 388 | |
dfeab068 | 389 | /* int */ |
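/*
 * Build the BIO chain used to read (verify and/or decrypt) the content of
 * |p7|.
 *
 * pkey:   private key used to recover the content-encryption key.
 * in_bio: source of detached content; when NULL the embedded content is
 *         wrapped in a memory BIO.
 * pcert:  optional recipient certificate. When given, only the matching
 *         RecipientInfo is tried; when NULL, every RecipientInfo is tried.
 *
 * Returns the head of the chain, or NULL on error. |in_bio| stays owned by
 * the caller on every failure path.
 *
 * The order of operations in the key-recovery part is deliberate: it is a
 * defence against MMA (Bleichenbacher-style) attacks. A random key is
 * substituted when decryption fails and the error queue is cleared, so do
 * not reorder or short-circuit those steps.
 */
BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
{
    int i, len;
    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
    X509_ALGOR *xa;
    ASN1_OCTET_STRING *data_body = NULL;
    EVP_MD *evp_md = NULL;
    const EVP_MD *md;
    EVP_CIPHER *evp_cipher = NULL;
    const EVP_CIPHER *cipher = NULL;
    EVP_CIPHER_CTX *evp_ctx = NULL;
    X509_ALGOR *enc_alg = NULL;
    STACK_OF(X509_ALGOR) *md_sk = NULL;
    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
    PKCS7_RECIP_INFO *ri = NULL;
    unsigned char *ek = NULL, *tkey = NULL;
    int eklen = 0, tkeylen = 0;
    const char *name;
    const PKCS7_CTX *p7_ctx;
    OSSL_LIB_CTX *libctx;
    const char *propq;

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return NULL;
    }

    p7_ctx = ossl_pkcs7_get0_ctx(p7);
    libctx = ossl_pkcs7_ctx_get0_libctx(p7_ctx);
    propq = ossl_pkcs7_ctx_get0_propq(p7_ctx);

    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return NULL;
    }

    i = OBJ_obj2nid(p7->type);
    p7->state = PKCS7_S_HEADER;

    switch (i) {
    case NID_pkcs7_signed:
        /*
         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
         * field and optional content.
         * data_body is NULL if that structure has no (=detached) content
         * or if the contentType is wrong (i.e., not "data").
         */
        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
        if (!PKCS7_is_detached(p7) && data_body == NULL) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_SIGNED_DATA_TYPE);
            goto err;
        }
        md_sk = p7->d.sign->md_algs;
        break;
    case NID_pkcs7_signedAndEnveloped:
        rsk = p7->d.signed_and_enveloped->recipientinfo;
        md_sk = p7->d.signed_and_enveloped->md_algs;
        /* data_body is NULL if the optional EncryptedContent is missing. */
        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;

        name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));

        (void)ERR_set_mark();
        evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
        if (evp_cipher != NULL)
            cipher = evp_cipher;
        else
            cipher = EVP_get_cipherbyname(name);

        if (cipher == NULL) {
            (void)ERR_clear_last_mark();
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
            goto err;
        }
        (void)ERR_pop_to_mark();
        break;
    case NID_pkcs7_enveloped:
        rsk = p7->d.enveloped->recipientinfo;
        enc_alg = p7->d.enveloped->enc_data->algorithm;
        /* data_body is NULL if the optional EncryptedContent is missing. */
        data_body = p7->d.enveloped->enc_data->enc_data;
        name = OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm));

        (void)ERR_set_mark();
        evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
        if (evp_cipher != NULL)
            cipher = evp_cipher;
        else
            cipher = EVP_get_cipherbyname(name);

        if (cipher == NULL) {
            (void)ERR_clear_last_mark();
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
            goto err;
        }
        (void)ERR_pop_to_mark();
        break;
    default:
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
        goto err;
    }

    /* Detached content must be supplied via in_bio instead. */
    if (data_body == NULL && in_bio == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        goto err;
    }

    /* We will be checking the signature */
    if (md_sk != NULL) {
        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
            xa = sk_X509_ALGOR_value(md_sk, i);
            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
                ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
                goto err;
            }

            name = OBJ_nid2sn(OBJ_obj2nid(xa->algorithm));

            (void)ERR_set_mark();
            evp_md = EVP_MD_fetch(libctx, name, propq);
            if (evp_md != NULL)
                md = evp_md;
            else
                md = EVP_get_digestbyname(name);

            if (md == NULL) {
                (void)ERR_clear_last_mark();
                ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
                goto err;
            }
            (void)ERR_pop_to_mark();

            BIO_set_md(btmp, md);
            EVP_MD_free(evp_md);
            if (out == NULL)
                out = btmp;
            else
                BIO_push(out, btmp);
            btmp = NULL;
        }
    }

    if (cipher != NULL) {
        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
            goto err;
        }

        /*
         * It was encrypted, we need to decrypt the secret key with the
         * private key
         */

        /*
         * Find the recipientInfo which matches the passed certificate (if
         * any)
         */

        if (pcert) {
            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
                if (!pkcs7_cmp_ri(ri, pcert))
                    break;
                ri = NULL;
            }
            if (ri == NULL) {
                ERR_raise(ERR_LIB_PKCS7,
                          PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
                goto err;
            }
        }

        /* If we haven't got a certificate try each ri in turn */
        if (pcert == NULL) {
            /*
             * Always attempt to decrypt all rinfo even after success as a
             * defence against MMA timing attacks.
             */
            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
                ri->ctx = p7_ctx;
                if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey,
                                        EVP_CIPHER_key_length(cipher)) < 0)
                    goto err;
                ERR_clear_error();
            }
        } else {
            ri->ctx = p7_ctx;
            /* Only exit on fatal errors, not decrypt failure */
            if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0)
                goto err;
            ERR_clear_error();
        }

        evp_ctx = NULL;
        BIO_get_cipher_ctx(etmp, &evp_ctx);
        if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0)
            goto err;
        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
            goto err;
        /* Generate random key as MMA defence */
        len = EVP_CIPHER_CTX_key_length(evp_ctx);
        if (len <= 0)
            goto err;
        tkeylen = len;
        tkey = OPENSSL_malloc(tkeylen);
        if (tkey == NULL)
            goto err;
        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
            goto err;
        if (ek == NULL) {
            /* No recipient key was recovered: continue with the random key */
            ek = tkey;
            eklen = tkeylen;
            tkey = NULL;
        }

        if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
            /*
             * Some S/MIME clients don't use the same key and effective key
             * length. The key length is determined by the size of the
             * decrypted RSA key.
             */
            if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
                /* Use random key as MMA defence */
                OPENSSL_clear_free(ek, eklen);
                ek = tkey;
                eklen = tkeylen;
                tkey = NULL;
            }
        }
        /* Clear errors so we don't leak information useful in MMA */
        ERR_clear_error();
        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
            goto err;

        OPENSSL_clear_free(ek, eklen);
        ek = NULL;
        OPENSSL_clear_free(tkey, tkeylen);
        tkey = NULL;

        if (out == NULL)
            out = etmp;
        else
            BIO_push(out, etmp);
        etmp = NULL;
    }
    if (in_bio != NULL) {
        bio = in_bio;
    } else {
        if (data_body->length > 0)
            bio = BIO_new_mem_buf(data_body->data, data_body->length);
        else {
            bio = BIO_new(BIO_s_mem());
            if (bio == NULL)
                goto err;
            BIO_set_mem_eof_return(bio, 0);
        }
        if (bio == NULL)
            goto err;
    }
    if (out == NULL) {
        /*
         * No digest or cipher filter was created (signed data without any
         * digest algorithm). The function has always returned NULL here;
         * do so explicitly, with an error queued and without leaking a
         * memory BIO created above. A caller-supplied in_bio must not be
         * freed by the err: path.
         */
        if (bio == in_bio)
            bio = NULL;
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
        goto err;
    }
    BIO_push(out, bio);
    bio = NULL;
    EVP_CIPHER_free(evp_cipher);
    return out;

 err:
    EVP_CIPHER_free(evp_cipher);
    OPENSSL_clear_free(ek, eklen);
    OPENSSL_clear_free(tkey, tkeylen);
    BIO_free_all(out);
    BIO_free_all(btmp);
    BIO_free_all(etmp);
    BIO_free_all(bio);
    return NULL;
}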
d02b48c6 | 667 | |
/*
 * Walk the chain starting at |bio| looking for a digest BIO whose digest
 * context has type |nid|.
 *
 * On success returns that BIO and stores its EVP_MD_CTX in |*pmd|.
 * Returns NULL with an error raised when the chain holds no such digest
 * BIO, or when a digest BIO has no context.
 */
static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
{
    while ((bio = BIO_find_type(bio, BIO_TYPE_MD)) != NULL) {
        BIO_get_md_ctx(bio, pmd);
        if (*pmd == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
            return NULL;
        }
        if (EVP_MD_CTX_type(*pmd) == nid)
            return bio;
        /* Wrong digest: resume the search after this BIO */
        bio = BIO_next(bio);
    }

    ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
    return NULL;
}
c5a55463 | 687 | |
/*
 * Complete the signed attributes of |si| and sign them.
 *
 * Adds a signing-time attribute if none is present, finalises the digest
 * in |mctx| and stores it as the message-digest attribute, then signs the
 * attribute set with PKCS7_SIGNER_INFO_sign().
 *
 * Returns 1 on success, 0 on failure.
 */
static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
{
    unsigned char digest[EVP_MAX_MD_SIZE];
    unsigned int digest_len;

    /* Signing time is only added when the caller has not supplied one */
    if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)
            && !PKCS7_add0_attrib_signing_time(si, NULL)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    /* Content digest goes into the message-digest attribute */
    if (!EVP_DigestFinal_ex(mctx, digest, &digest_len)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
        return 0;
    }
    if (!PKCS7_add1_attrib_digest(si, digest, digest_len)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    /* The signature covers the attributes, not the content directly */
    return PKCS7_SIGNER_INFO_sign(si) ? 1 : 0;
}
717 | ||
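/*
 * Finish writing the content of |p7| through the chain |bio|.
 *
 * For the signed types every SignerInfo that has a private key is signed,
 * using the matching digest BIO found in |bio|: over the signed attributes
 * when there are any, otherwise over the content digest directly. For the
 * digest type the final digest is stored. Unless the structure is
 * detached, the content gathered in the chain's memory BIO is attached to
 * the content OCTET STRING without copying.
 *
 * Returns 1 on success, 0 on failure.
 */
int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
{
    int ret = 0;
    int i, j;
    BIO *btmp;
    PKCS7_SIGNER_INFO *si;
    EVP_MD_CTX *mdc, *ctx_tmp;
    STACK_OF(X509_ATTRIBUTE) *sk;
    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
    ASN1_OCTET_STRING *os = NULL;
    const PKCS7_CTX *p7_ctx;

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return 0;
    }

    p7_ctx = ossl_pkcs7_get0_ctx(p7);

    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return 0;
    }

    ctx_tmp = EVP_MD_CTX_new();
    if (ctx_tmp == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        return 0;
    }

    i = OBJ_obj2nid(p7->type);
    p7->state = PKCS7_S_HEADER;

    switch (i) {
    case NID_pkcs7_data:
        os = p7->d.data;
        break;
    case NID_pkcs7_signedAndEnveloped:
        /* XXXXXXXXXXXXXXXX */
        si_sk = p7->d.signed_and_enveloped->signer_info;
        os = p7->d.signed_and_enveloped->enc_data->enc_data;
        if (os == NULL) {
            os = ASN1_OCTET_STRING_new();
            if (os == NULL) {
                ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
                goto err;
            }
            p7->d.signed_and_enveloped->enc_data->enc_data = os;
        }
        break;
    case NID_pkcs7_enveloped:
        /* XXXXXXXXXXXXXXXX */
        os = p7->d.enveloped->enc_data->enc_data;
        if (os == NULL) {
            os = ASN1_OCTET_STRING_new();
            if (os == NULL) {
                ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
                goto err;
            }
            p7->d.enveloped->enc_data->enc_data = os;
        }
        break;
    case NID_pkcs7_signed:
        si_sk = p7->d.sign->signer_info;
        os = PKCS7_get_octet_string(p7->d.sign->contents);
        /* If detached data then the content is excluded */
        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
            ASN1_OCTET_STRING_free(os);
            os = NULL;
            p7->d.sign->contents->d.data = NULL;
        }
        break;

    case NID_pkcs7_digest:
        os = PKCS7_get_octet_string(p7->d.digest->contents);
        /* If detached data then the content is excluded */
        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
            ASN1_OCTET_STRING_free(os);
            os = NULL;
            p7->d.digest->contents->d.data = NULL;
        }
        break;

    default:
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
        goto err;
    }

    if (si_sk != NULL) {
        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
            /* Signers without a private key are skipped, not signed */
            if (si->pkey == NULL)
                continue;

            j = OBJ_obj2nid(si->digest_alg->algorithm);

            btmp = bio;

            btmp = PKCS7_find_digest(&mdc, btmp, j);

            if (btmp == NULL)
                goto err;

            /*
             * We now have the EVP_MD_CTX, lets do the signing.
             * Work on a copy so the context in the BIO is left intact.
             */
            if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
                goto err;

            sk = si->auth_attr;

            /*
             * If there are attributes, we add the digest attribute and only
             * sign the attributes
             */
            if (sk_X509_ATTRIBUTE_num(sk) > 0) {
                if (!do_pkcs7_signed_attrib(si, ctx_tmp))
                    goto err;
            } else {
                unsigned char *abuf = NULL;
                unsigned int abuflen;
                int sigsize = EVP_PKEY_size(si->pkey);

                /*
                 * EVP_PKEY_size() returns an int. Reject zero or negative
                 * values before they are converted to an unsigned
                 * allocation size.
                 */
                if (sigsize <= 0)
                    goto err;
                abuflen = (unsigned int)sigsize;
                abuf = OPENSSL_malloc(abuflen);
                if (abuf == NULL)
                    goto err;

                if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
                                      ossl_pkcs7_ctx_get0_libctx(p7_ctx),
                                      ossl_pkcs7_ctx_get0_propq(p7_ctx))) {
                    OPENSSL_free(abuf);
                    ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
                    goto err;
                }
                /* enc_digest takes ownership of abuf */
                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
            }
        }
    } else if (i == NID_pkcs7_digest) {
        unsigned char md_data[EVP_MAX_MD_SIZE];
        unsigned int md_len;
        if (!PKCS7_find_digest(&mdc, bio,
                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
            goto err;
        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
            goto err;
        if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
            goto err;
    }

    if (!PKCS7_is_detached(p7)) {
        /*
         * NOTE(emilia): I think we only reach os == NULL here because detached
         * digested data support is broken.
         */
        if (os == NULL)
            goto err;
        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
            char *cont;
            long contlen;
            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
            if (btmp == NULL) {
                ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
                goto err;
            }
            contlen = BIO_get_mem_data(btmp, &cont);
            /*
             * Mark the BIO read only then we can use its copy of the data
             * instead of making an extra copy.
             */
            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
            BIO_set_mem_eof_return(btmp, 0);
            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
        }
    }
    ret = 1;
 err:
    EVP_MD_CTX_free(ctx_tmp);
    return ret;
}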
d02b48c6 | 896 | |
/*
 * Sign the DER encoding of si->auth_attr with si->pkey and store the
 * resulting signature in si->enc_digest.  The digest is the one named by
 * si->digest_alg.
 *
 * Returns 1 on success and 0 on failure.
 */
int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
{
    const PKCS7_CTX *p7ctx = si->ctx;
    const EVP_MD *digest;
    EVP_MD_CTX *sign_ctx;
    EVP_PKEY_CTX *pkey_ctx = NULL;
    unsigned char *buf = NULL;
    size_t sig_size;
    int der_len;

    digest = EVP_get_digestbyobj(si->digest_alg->algorithm);
    if (digest == NULL)
        return 0;

    sign_ctx = EVP_MD_CTX_new();
    if (sign_ctx == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (EVP_DigestSignInit_ex(sign_ctx, &pkey_ctx, EVP_MD_name(digest),
                              ossl_pkcs7_ctx_get0_libctx(p7ctx),
                              ossl_pkcs7_ctx_get0_propq(p7ctx), si->pkey,
                              NULL) <= 0)
        goto err;

    /* What gets signed is the DER form of the signed attributes. */
    der_len = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &buf,
                            ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
    if (buf == NULL)
        goto err;
    if (EVP_DigestSignUpdate(sign_ctx, buf, der_len) <= 0)
        goto err;
    OPENSSL_free(buf);
    buf = NULL;

    /* A NULL output buffer asks only for the signature size. */
    if (EVP_DigestSignFinal(sign_ctx, NULL, &sig_size) <= 0)
        goto err;
    buf = OPENSSL_malloc(sig_size);
    if (buf == NULL)
        goto err;
    if (EVP_DigestSignFinal(sign_ctx, buf, &sig_size) <= 0)
        goto err;

    EVP_MD_CTX_free(sign_ctx);

    /* The signature buffer is handed over to si->enc_digest, not copied. */
    ASN1_STRING_set0(si->enc_digest, buf, sig_size);

    return 1;

 err:
    OPENSSL_free(buf);
    EVP_MD_CTX_free(sign_ctx);
    return 0;
}
76fa8f18 | 950 | |
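/*
 * Find the certificate named by si->issuer_and_serial among the
 * certificates carried in p7, validate it against cert_store for the
 * S/MIME signing purpose, then check the signer's signature via
 * PKCS7_signatureVerify().
 *
 * The signer certificate is looked up only in the certificate set embedded
 * in the message, and that same set is passed to X509_STORE_CTX_init() as
 * additional chain-building material.  Trust therefore has to come from
 * cert_store alone.
 *
 * ctx is initialised here but not cleaned up by this function; that is left
 * to the caller.
 *
 * Returns 0 on failure before the signature check, otherwise whatever
 * PKCS7_signatureVerify() returns.
 */
int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
{
    PKCS7_ISSUER_AND_SERIAL *ias;
    int ret = 0, i;
    STACK_OF(X509) *cert;
    X509 *x509;

    if (p7 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
        return 0;
    }

    if (p7->d.ptr == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
        return 0;
    }

    if (PKCS7_type_is_signed(p7)) {
        cert = p7->d.sign->cert;
    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
        cert = p7->d.signed_and_enveloped->cert;
    } else {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE);
        goto err;
    }

    ias = si->issuer_and_serial;

    x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);

    /* Was the signer's certificate among those passed in the message? */
    if (x509 == NULL) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
        goto err;
    }

    /* Validate the signer certificate chain */
    if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
        goto err;
    }
    /*
     * Fail closed: if the purpose cannot be set, do not go on to verify the
     * chain without the S/MIME signing restriction.
     */
    if (!X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN)) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
        goto err;
    }
    i = X509_verify_cert(ctx);
    if (i <= 0) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
        goto err;
    }

    return PKCS7_signatureVerify(bio, p7, si, x509);
 err:
    return ret;
}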
170afce5 DSH |
1004 | |
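/*
 * Verify the signature in si->enc_digest with the public key of x509.
 *
 * The content digest is taken from the digest BIO in the chain starting at
 * bio whose digest matches si->digest_alg.  When signed attributes are
 * present, that digest must equal the messageDigest attribute, and the
 * signature is then checked over the DER encoding of the attributes
 * instead of over the content digest.
 *
 * x509 is used as given: no chain validation happens in this function, so
 * a return of 1 says nothing about whether the certificate is trusted.
 *
 * Returns 1 if the signature verifies; -1 on a digest mismatch, a failure
 * to encode the attributes, a missing public key or a bad signature; and 0
 * on other errors.
 */
int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                          X509 *x509)
{
    ASN1_OCTET_STRING *os;
    EVP_MD_CTX *mdc_tmp, *mdc;
    const EVP_MD *md;
    EVP_MD *fetched_md = NULL;
    int ret = 0, i;
    int md_type;
    STACK_OF(X509_ATTRIBUTE) *sk;
    BIO *btmp;
    EVP_PKEY *pkey;
    const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
    OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
    const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);

    mdc_tmp = EVP_MD_CTX_new();
    if (mdc_tmp == NULL) {
        ERR_raise(ERR_LIB_PKCS7, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE);
        goto err;
    }

    md_type = OBJ_obj2nid(si->digest_alg->algorithm);

    /* Walk the BIO chain for the digest BIO that matches this signer. */
    btmp = bio;
    for (;;) {
        if ((btmp == NULL) ||
            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            goto err;
        }
        BIO_get_md_ctx(btmp, &mdc);
        if (mdc == NULL) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
            goto err;
        }
        if (EVP_MD_CTX_type(mdc) == md_type)
            break;
        /*
         * Workaround for some broken clients that put the signature OID
         * instead of the digest OID in digest_alg->algorithm
         */
        if (EVP_MD_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type)
            break;
        btmp = BIO_next(btmp);
    }

    /*
     * mdc is the digest ctx that we want, unless there are attributes, in
     * which case the digest is the signed attributes.  Work on a copy so
     * the context owned by the BIO is not finalised.
     */
    if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
        goto err;

    sk = si->auth_attr;
    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
        unsigned int md_len;
        int alen;
        ASN1_OCTET_STRING *message_digest;

        if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
            goto err;
        message_digest = PKCS7_digest_from_attributes(sk);
        if (!message_digest) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
            goto err;
        }
        /*
         * The messageDigest attribute binds the signed attributes to the
         * content: it must equal the digest computed over the content.
         */
        if ((message_digest->length != (int)md_len) ||
            (memcmp(message_digest->data, md_dat, md_len))) {
            ERR_raise(ERR_LIB_PKCS7, PKCS7_R_DIGEST_FAILURE);
            ret = -1;
            goto err;
        }

        /*
         * Try a provider fetch first and fall back to the legacy lookup.
         * Errors raised by a failed fetch are dropped again when the
         * fallback succeeds.
         */
        (void)ERR_set_mark();
        fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);

        if (fetched_md != NULL)
            md = fetched_md;
        else
            md = EVP_get_digestbynid(md_type);

        if (md == NULL || !EVP_VerifyInit_ex(mdc_tmp, md, NULL)) {
            (void)ERR_clear_last_mark();
            goto err;
        }
        (void)ERR_pop_to_mark();

        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
        if (alen <= 0) {
            ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
            ret = -1;
            goto err;
        }
        /*
         * abuf is local to this block, so the err label cannot release it;
         * free it here on the failure path as well.
         */
        if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen)) {
            OPENSSL_free(abuf);
            goto err;
        }

        OPENSSL_free(abuf);
    }

    os = si->enc_digest;
    pkey = X509_get0_pubkey(x509);
    if (pkey == NULL) {
        ret = -1;
        goto err;
    }

    i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, libctx, propq);
    if (i <= 0) {
        ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE);
        ret = -1;
        goto err;
    }
    ret = 1;
 err:
    EVP_MD_CTX_free(mdc_tmp);
    EVP_MD_free(fetched_md);
    return ret;
}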
d02b48c6 | 1131 | |
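/*
 * Return the issuer-and-serial of the recipient at position idx of a
 * signedAndEnveloped structure.
 *
 * Returns NULL if p7 is of another type, has no content or recipient list,
 * or if idx is outside the list.  The returned pointer refers into p7; it
 * is not a copy.
 */
PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
{
    STACK_OF(PKCS7_RECIP_INFO) *rsk;
    PKCS7_RECIP_INFO *ri;
    int i;

    i = OBJ_obj2nid(p7->type);
    if (i != NID_pkcs7_signedAndEnveloped)
        return NULL;
    if (p7->d.signed_and_enveloped == NULL)
        return NULL;
    rsk = p7->d.signed_and_enveloped->recipientinfo;
    if (rsk == NULL)
        return NULL;
    /*
     * Reject a negative index as well as one past the end: the stack lookup
     * yields NULL for either, and that result is dereferenced below.
     */
    if (idx < 0 || sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
        return NULL;
    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
    if (ri == NULL)
        return NULL;
    return ri->issuer_and_serial;
}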
dfeab068 | 1151 | |
/*
 * Look up attribute nid among the signed (authenticated) attributes of si.
 * The result is whatever get_attribute() returns for si->auth_attr.
 */
ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid)
{
    const STACK_OF(X509_ATTRIBUTE) *signed_attrs = si->auth_attr;

    return get_attribute(signed_attrs, nid);
}
dfeab068 | 1156 | |
/*
 * Look up attribute nid among the unsigned (unauthenticated) attributes of
 * si.  These attributes are not covered by the signer's signature, so a
 * caller should not treat their values as authenticated.
 */
ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid)
{
    const STACK_OF(X509_ATTRIBUTE) *unsigned_attrs = si->unauth_attr;

    return get_attribute(unsigned_attrs, nid);
}
dfeab068 | 1161 | |
/*
 * Return the first value of the attribute with the given nid in sk.
 *
 * There is no explicit "not found" branch: the lookup result is passed
 * straight on, so a miss relies on the X509at and X509_ATTRIBUTE accessors
 * returning NULL for a bad index or a NULL attribute.
 */
static ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk, int nid)
{
    const int pos = X509at_get_attr_by_NID(sk, nid, -1);
    X509_ATTRIBUTE *found = X509at_get_attr(sk, pos);

    return X509_ATTRIBUTE_get0_type(found, 0);
}
dfeab068 | 1170 | |
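/*
 * Return the value of the PKCS#9 messageDigest attribute in sk, or NULL if
 * the attribute is absent or its value is not an OCTET STRING.
 *
 * The returned pointer refers into sk; it is not a copy.
 */
ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
{
    ASN1_TYPE *astype;

    if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
        return NULL;
    /*
     * The attribute comes from the parsed message, so its value can carry
     * any ASN.1 type.  Only read the union as an octet string when the tag
     * says it is one.
     */
    if (astype->type != V_ASN1_OCTET_STRING)
        return NULL;
    return astype->value.octet_string;
}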
dfeab068 | 1178 | |
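/*
 * Replace the signed attributes of p7si with a deep copy of sk.  The
 * previous attributes are freed; sk itself stays owned by the caller.
 *
 * Returns 1 on success and 0 if the copy could not be made.
 */
int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
                                STACK_OF(X509_ATTRIBUTE) *sk)
{
    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
    /*
     * Copy in one step.  Duplicating the stack shallowly and then swapping
     * in per-element copies leaves, when one copy fails part-way, a stack
     * that still holds the caller's own attribute pointers, and those
     * would be freed a second time together with p7si.
     */
    p7si->auth_attr = sk_X509_ATTRIBUTE_deep_copy(sk, X509_ATTRIBUTE_dup,
                                                  X509_ATTRIBUTE_free);
    if (p7si->auth_attr == NULL)
        return 0;
    return 1;
}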
1197 | ||
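/*
 * Replace the unsigned attributes of p7si with a deep copy of sk.  The
 * previous attributes are freed; sk itself stays owned by the caller.
 *
 * Returns 1 on success and 0 if the copy could not be made.
 */
int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
                         STACK_OF(X509_ATTRIBUTE) *sk)
{
    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
    /*
     * Copy in one step.  Duplicating the stack shallowly and then swapping
     * in per-element copies leaves, when one copy fails part-way, a stack
     * that still holds the caller's own attribute pointers, and those
     * would be freed a second time together with p7si.
     */
    p7si->unauth_attr = sk_X509_ATTRIBUTE_deep_copy(sk, X509_ATTRIBUTE_dup,
                                                    X509_ATTRIBUTE_free);
    if (p7si->unauth_attr == NULL)
        return 0;
    return 1;
}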
dfeab068 | 1216 | |
/*
 * Add attribute nid with the given type and value to the signed attributes
 * of p7si, or replace it if already present.  Returns what add_attribute()
 * returns.
 */
int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                               void *value)
{
    STACK_OF(X509_ATTRIBUTE) **signed_attrs = &(p7si->auth_attr);

    return add_attribute(signed_attrs, nid, atrtype, value);
}
dfeab068 | 1222 | |
/*
 * Add attribute nid with the given type and value to the unsigned
 * attributes of p7si, or replace it if already present.  Returns what
 * add_attribute() returns.
 */
int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
                        void *value)
{
    STACK_OF(X509_ATTRIBUTE) **unsigned_attrs = &(p7si->unauth_attr);

    return add_attribute(unsigned_attrs, nid, atrtype, value);
}
dfeab068 | 1228 | |
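/*
 * Add an attribute built from nid, atrtype and value to *sk, creating the
 * stack when *sk is NULL.  An existing attribute with the same nid is
 * replaced, and the old one freed, rather than a duplicate being added.
 *
 * Returns 1 on success and 0 on failure.  On failure the attributes
 * already in *sk are left untouched.
 */
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                         void *value)
{
    X509_ATTRIBUTE *attr;
    int i;

    if (*sk == NULL) {
        if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
            return 0;
    }

    /*
     * Build the new attribute before touching the stack.  Freeing the old
     * entry first would leave a dangling pointer in *sk whenever the
     * creation of its replacement failed.
     */
    attr = X509_ATTRIBUTE_create(nid, atrtype, value);
    if (attr == NULL)
        return 0;

    for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
        X509_ATTRIBUTE *old = sk_X509_ATTRIBUTE_value(*sk, i);

        if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(old)) == nid) {
            /* i is within range here, so the slot is simply overwritten */
            (void)sk_X509_ATTRIBUTE_set(*sk, i, attr);
            X509_ATTRIBUTE_free(old);
            return 1;
        }
    }

    if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
        X509_ATTRIBUTE_free(attr);
        return 0;
    }
    return 1;
}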