search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge commit 'dfc115332c94a2f62058ac7f2bce7631fbd20b3d'
[unleashed/tickless.git] / lib / libcrypto / pkcs7 / pk7_doit.c
blob24ab957b4c112297d0a21dd44171260c6c4ae117
1 /* $OpenBSD: pk7_doit.c,v 1.42 2017/05/02 03:59:45 deraadt Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62
63 #include <openssl/err.h>
64 #include <openssl/objects.h>
65 #include <openssl/x509.h>
66 #include <openssl/x509v3.h>
67
68 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
69 void *value);
70 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
71
72 static int
73 PKCS7_type_is_other(PKCS7* p7)
74 {
75 int isOther = 1;
76
77 int nid = OBJ_obj2nid(p7->type);
78
79 switch (nid ) {
80 case NID_pkcs7_data:
81 case NID_pkcs7_signed:
82 case NID_pkcs7_enveloped:
83 case NID_pkcs7_signedAndEnveloped:
84 case NID_pkcs7_digest:
85 case NID_pkcs7_encrypted:
86 isOther = 0;
87 break;
88 default:
89 isOther = 1;
90 }
91
92 return isOther;
93
94 }
95
96 static ASN1_OCTET_STRING *
97 PKCS7_get_octet_string(PKCS7 *p7)
98 {
99 if (PKCS7_type_is_data(p7))
100 return p7->d.data;
101 if (PKCS7_type_is_other(p7) && p7->d.other &&
102 (p7->d.other->type == V_ASN1_OCTET_STRING))
103 return p7->d.other->value.octet_string;
104 return NULL;
105 }
106
107 static int
108 PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
109 {
110 BIO *btmp;
111 const EVP_MD *md;
112 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
113 PKCS7error(ERR_R_BIO_LIB);
114 goto err;
115 }
116
117 md = EVP_get_digestbyobj(alg->algorithm);
118 if (md == NULL) {
119 PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
120 goto err;
121 }
122
123 BIO_set_md(btmp, md);
124 if (*pbio == NULL)
125 *pbio = btmp;
126 else if (!BIO_push(*pbio, btmp)) {
127 PKCS7error(ERR_R_BIO_LIB);
128 goto err;
129 }
130 btmp = NULL;
131
132 return 1;
133
134 err:
135 BIO_free(btmp);
136 return 0;
137
138 }
139
140 static int
141 pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
142 {
143 EVP_PKEY_CTX *pctx = NULL;
144 EVP_PKEY *pkey = NULL;
145 unsigned char *ek = NULL;
146 int ret = 0;
147 size_t eklen;
148
149 pkey = X509_get_pubkey(ri->cert);
150 if (!pkey)
151 return 0;
152
153 pctx = EVP_PKEY_CTX_new(pkey, NULL);
154 if (!pctx)
155 return 0;
156
157 if (EVP_PKEY_encrypt_init(pctx) <= 0)
158 goto err;
159
160 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
161 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
162 PKCS7error(PKCS7_R_CTRL_ERROR);
163 goto err;
164 }
165
166 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
167 goto err;
168
169 ek = malloc(eklen);
170
171 if (ek == NULL) {
172 PKCS7error(ERR_R_MALLOC_FAILURE);
173 goto err;
174 }
175
176 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
177 goto err;
178
179 ASN1_STRING_set0(ri->enc_key, ek, eklen);
180 ek = NULL;
181
182 ret = 1;
183
184 err:
185 EVP_PKEY_free(pkey);
186 EVP_PKEY_CTX_free(pctx);
187 free(ek);
188 return ret;
189 }
190
191
192 static int
193 pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
194 EVP_PKEY *pkey)
195 {
196 EVP_PKEY_CTX *pctx = NULL;
197 unsigned char *ek = NULL;
198 size_t eklen;
199
200 int ret = -1;
201
202 pctx = EVP_PKEY_CTX_new(pkey, NULL);
203 if (!pctx)
204 return -1;
205
206 if (EVP_PKEY_decrypt_init(pctx) <= 0)
207 goto err;
208
209 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
210 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
211 PKCS7error(PKCS7_R_CTRL_ERROR);
212 goto err;
213 }
214
215 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
216 ri->enc_key->data, ri->enc_key->length) <= 0)
217 goto err;
218
219 ek = malloc(eklen);
220 if (ek == NULL) {
221 PKCS7error(ERR_R_MALLOC_FAILURE);
222 goto err;
223 }
224
225 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
226 ri->enc_key->data, ri->enc_key->length) <= 0) {
227 ret = 0;
228 PKCS7error(ERR_R_EVP_LIB);
229 goto err;
230 }
231
232 ret = 1;
233
234 freezero(*pek, *peklen);
235
236 *pek = ek;
237 *peklen = eklen;
238
239 err:
240 EVP_PKEY_CTX_free(pctx);
241 if (!ret && ek)
242 free(ek);
243
244 return ret;
245 }
246
247 BIO *
248 PKCS7_dataInit(PKCS7 *p7, BIO *bio)
249 {
250 int i;
251 BIO *out = NULL, *btmp = NULL;
252 X509_ALGOR *xa = NULL;
253 const EVP_CIPHER *evp_cipher = NULL;
254 STACK_OF(X509_ALGOR) *md_sk = NULL;
255 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
256 X509_ALGOR *xalg = NULL;
257 PKCS7_RECIP_INFO *ri = NULL;
258 ASN1_OCTET_STRING *os = NULL;
259
260 if (p7 == NULL) {
261 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
262 return NULL;
263 }
264
265 /*
266 * The content field in the PKCS7 ContentInfo is optional,
267 * but that really only applies to inner content (precisely,
268 * detached signatures).
269 *
270 * When reading content, missing outer content is therefore
271 * treated as an error.
272 *
273 * When creating content, PKCS7_content_new() must be called
274 * before calling this method, so a NULL p7->d is always
275 * an error.
276 */
277 if (p7->d.ptr == NULL) {
278 PKCS7error(PKCS7_R_NO_CONTENT);
279 return NULL;
280 }
281
282 i = OBJ_obj2nid(p7->type);
283 p7->state = PKCS7_S_HEADER;
284
285 switch (i) {
286 case NID_pkcs7_signed:
287 md_sk = p7->d.sign->md_algs;
288 os = PKCS7_get_octet_string(p7->d.sign->contents);
289 break;
290 case NID_pkcs7_signedAndEnveloped:
291 rsk = p7->d.signed_and_enveloped->recipientinfo;
292 md_sk = p7->d.signed_and_enveloped->md_algs;
293 xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
294 evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
295 if (evp_cipher == NULL) {
296 PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
297 goto err;
298 }
299 break;
300 case NID_pkcs7_enveloped:
301 rsk = p7->d.enveloped->recipientinfo;
302 xalg = p7->d.enveloped->enc_data->algorithm;
303 evp_cipher = p7->d.enveloped->enc_data->cipher;
304 if (evp_cipher == NULL) {
305 PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
306 goto err;
307 }
308 break;
309 case NID_pkcs7_digest:
310 xa = p7->d.digest->md;
311 os = PKCS7_get_octet_string(p7->d.digest->contents);
312 break;
313 case NID_pkcs7_data:
314 break;
315 default:
316 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
317 goto err;
318 }
319
320 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
321 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
322 goto err;
323
324 if (xa && !PKCS7_bio_add_digest(&out, xa))
325 goto err;
326
327 if (evp_cipher != NULL) {
328 unsigned char key[EVP_MAX_KEY_LENGTH];
329 unsigned char iv[EVP_MAX_IV_LENGTH];
330 int keylen, ivlen;
331 EVP_CIPHER_CTX *ctx;
332
333 if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
334 PKCS7error(ERR_R_BIO_LIB);
335 goto err;
336 }
337 BIO_get_cipher_ctx(btmp, &ctx);
338 keylen = EVP_CIPHER_key_length(evp_cipher);
339 ivlen = EVP_CIPHER_iv_length(evp_cipher);
340 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
341 if (ivlen > 0)
342 arc4random_buf(iv, ivlen);
343 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL,
344 NULL, 1) <= 0)
345 goto err;
346 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
347 goto err;
348 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
349 goto err;
350
351 if (ivlen > 0) {
352 if (xalg->parameter == NULL) {
353 xalg->parameter = ASN1_TYPE_new();
354 if (xalg->parameter == NULL)
355 goto err;
356 }
357 if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
358 goto err;
359 }
360
361 /* Lets do the pub key stuff :-) */
362 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
363 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
364 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
365 goto err;
366 }
367 explicit_bzero(key, keylen);
368
369 if (out == NULL)
370 out = btmp;
371 else
372 BIO_push(out, btmp);
373 btmp = NULL;
374 }
375
376 if (bio == NULL) {
377 if (PKCS7_is_detached(p7))
378 bio = BIO_new(BIO_s_null());
379 else if (os && os->length > 0)
380 bio = BIO_new_mem_buf(os->data, os->length);
381 if (bio == NULL) {
382 bio = BIO_new(BIO_s_mem());
383 if (bio == NULL)
384 goto err;
385 BIO_set_mem_eof_return(bio, 0);
386 }
387 }
388 if (out)
389 BIO_push(out, bio);
390 else
391 out = bio;
392 bio = NULL;
393 if (0) {
394 err:
395 if (out != NULL)
396 BIO_free_all(out);
397 if (btmp != NULL)
398 BIO_free_all(btmp);
399 out = NULL;
400 }
401 return (out);
402 }
403
404 static int
405 pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
406 {
407 int ret;
408
409 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
410 pcert->cert_info->issuer);
411 if (ret)
412 return ret;
413 return ASN1_STRING_cmp(pcert->cert_info->serialNumber,
414 ri->issuer_and_serial->serial);
415 }
416
417 /* int */
418 BIO *
419 PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
420 {
421 int i, j;
422 BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
423 X509_ALGOR *xa;
424 ASN1_OCTET_STRING *data_body = NULL;
425 const EVP_MD *evp_md;
426 const EVP_CIPHER *evp_cipher = NULL;
427 EVP_CIPHER_CTX *evp_ctx = NULL;
428 X509_ALGOR *enc_alg = NULL;
429 STACK_OF(X509_ALGOR) *md_sk = NULL;
430 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
431 PKCS7_RECIP_INFO *ri = NULL;
432 unsigned char *ek = NULL, *tkey = NULL;
433 int eklen = 0, tkeylen = 0;
434
435 if (p7 == NULL) {
436 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
437 return NULL;
438 }
439
440 if (p7->d.ptr == NULL) {
441 PKCS7error(PKCS7_R_NO_CONTENT);
442 return NULL;
443 }
444
445 i = OBJ_obj2nid(p7->type);
446 p7->state = PKCS7_S_HEADER;
447
448 switch (i) {
449 case NID_pkcs7_signed:
450 data_body = PKCS7_get_octet_string(p7->d.sign->contents);
451 md_sk = p7->d.sign->md_algs;
452 break;
453 case NID_pkcs7_signedAndEnveloped:
454 rsk = p7->d.signed_and_enveloped->recipientinfo;
455 md_sk = p7->d.signed_and_enveloped->md_algs;
456 data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
457 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
458 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
459 if (evp_cipher == NULL) {
460 PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
461 goto err;
462 }
463 break;
464 case NID_pkcs7_enveloped:
465 rsk = p7->d.enveloped->recipientinfo;
466 enc_alg = p7->d.enveloped->enc_data->algorithm;
467 data_body = p7->d.enveloped->enc_data->enc_data;
468 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
469 if (evp_cipher == NULL) {
470 PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
471 goto err;
472 }
473 break;
474 default:
475 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
476 goto err;
477 }
478
479 /* We will be checking the signature */
480 if (md_sk != NULL) {
481 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
482 xa = sk_X509_ALGOR_value(md_sk, i);
483 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
484 PKCS7error(ERR_R_BIO_LIB);
485 goto err;
486 }
487
488 j = OBJ_obj2nid(xa->algorithm);
489 evp_md = EVP_get_digestbynid(j);
490 if (evp_md == NULL) {
491 PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
492 goto err;
493 }
494
495 BIO_set_md(btmp, evp_md);
496 if (out == NULL)
497 out = btmp;
498 else
499 BIO_push(out, btmp);
500 btmp = NULL;
501 }
502 }
503
504 if (evp_cipher != NULL) {
505 if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
506 PKCS7error(ERR_R_BIO_LIB);
507 goto err;
508 }
509
510 /* It was encrypted, we need to decrypt the secret key
511 * with the private key */
512
513 /* Find the recipientInfo which matches the passed certificate
514 * (if any)
515 */
516 if (pcert) {
517 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
518 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
519 if (!pkcs7_cmp_ri(ri, pcert))
520 break;
521 ri = NULL;
522 }
523 if (ri == NULL) {
524 PKCS7error(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
525 goto err;
526 }
527 }
528
529 /* If we haven't got a certificate try each ri in turn */
530 if (pcert == NULL) {
531 /* Always attempt to decrypt all rinfo even
532 * after sucess as a defence against MMA timing
533 * attacks.
534 */
535 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
536 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
537
538 if (pkcs7_decrypt_rinfo(&ek, &eklen,
539 ri, pkey) < 0)
540 goto err;
541 ERR_clear_error();
542 }
543 } else {
544 /* Only exit on fatal errors, not decrypt failure */
545 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
546 goto err;
547 ERR_clear_error();
548 }
549
550 evp_ctx = NULL;
551 BIO_get_cipher_ctx(etmp, &evp_ctx);
552 if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL,
553 NULL, 0) <= 0)
554 goto err;
555 if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
556 goto err;
557 /* Generate random key as MMA defence */
558 tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
559 tkey = malloc(tkeylen);
560 if (!tkey)
561 goto err;
562 if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
563 goto err;
564 if (ek == NULL) {
565 ek = tkey;
566 eklen = tkeylen;
567 tkey = NULL;
568 }
569
570 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
571 /* Some S/MIME clients don't use the same key
572 * and effective key length. The key length is
573 * determined by the size of the decrypted RSA key.
574 */
575 if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
576 /* Use random key as MMA defence */
577 freezero(ek, eklen);
578 ek = tkey;
579 eklen = tkeylen;
580 tkey = NULL;
581 }
582 }
583 /* Clear errors so we don't leak information useful in MMA */
584 ERR_clear_error();
585 if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
586 goto err;
587
588 freezero(ek, eklen);
589 ek = NULL;
590 freezero(tkey, tkeylen);
591 tkey = NULL;
592
593 if (out == NULL)
594 out = etmp;
595 else
596 BIO_push(out, etmp);
597 etmp = NULL;
598 }
599
600 if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
601 bio = in_bio;
602 } else {
603 if (data_body != NULL && data_body->length > 0)
604 bio = BIO_new_mem_buf(data_body->data, data_body->length);
605 else {
606 bio = BIO_new(BIO_s_mem());
607 BIO_set_mem_eof_return(bio, 0);
608 }
609 if (bio == NULL)
610 goto err;
611 }
612 BIO_push(out, bio);
613
614 if (0) {
615 err:
616 freezero(ek, eklen);
617 freezero(tkey, tkeylen);
618 if (out != NULL)
619 BIO_free_all(out);
620 if (btmp != NULL)
621 BIO_free_all(btmp);
622 if (etmp != NULL)
623 BIO_free_all(etmp);
624 out = NULL;
625 }
626 return (out);
627 }
628
629 static BIO *
630 PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
631 {
632 for (;;) {
633 bio = BIO_find_type(bio, BIO_TYPE_MD);
634 if (bio == NULL) {
635 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
636 return NULL;
637 }
638 BIO_get_md_ctx(bio, pmd);
639 if (*pmd == NULL) {
640 PKCS7error(ERR_R_INTERNAL_ERROR);
641 return NULL;
642 }
643 if (EVP_MD_CTX_type(*pmd) == nid)
644 return bio;
645 bio = BIO_next(bio);
646 }
647 return NULL;
648 }
649
650 static int
651 do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
652 {
653 unsigned char md_data[EVP_MAX_MD_SIZE];
654 unsigned int md_len;
655
656 /* Add signing time if not already present */
657 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
658 if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
659 PKCS7error(ERR_R_MALLOC_FAILURE);
660 return 0;
661 }
662 }
663
664 /* Add digest */
665 if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
666 PKCS7error(ERR_R_EVP_LIB);
667 return 0;
668 }
669 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
670 PKCS7error(ERR_R_MALLOC_FAILURE);
671 return 0;
672 }
673
674 /* Now sign the attributes */
675 if (!PKCS7_SIGNER_INFO_sign(si))
676 return 0;
677
678 return 1;
679 }
680
681
682 int
683 PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
684 {
685 int ret = 0;
686 int i, j;
687 BIO *btmp;
688 PKCS7_SIGNER_INFO *si;
689 EVP_MD_CTX *mdc, ctx_tmp;
690 STACK_OF(X509_ATTRIBUTE) *sk;
691 STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
692 ASN1_OCTET_STRING *os = NULL;
693
694 if (p7 == NULL) {
695 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
696 return 0;
697 }
698
699 if (p7->d.ptr == NULL) {
700 PKCS7error(PKCS7_R_NO_CONTENT);
701 return 0;
702 }
703
704 EVP_MD_CTX_init(&ctx_tmp);
705 i = OBJ_obj2nid(p7->type);
706 p7->state = PKCS7_S_HEADER;
707
708 switch (i) {
709 case NID_pkcs7_data:
710 os = p7->d.data;
711 break;
712 case NID_pkcs7_signedAndEnveloped:
713 /* XXX */
714 si_sk = p7->d.signed_and_enveloped->signer_info;
715 os = p7->d.signed_and_enveloped->enc_data->enc_data;
716 if (!os) {
717 os = ASN1_OCTET_STRING_new();
718 if (!os) {
719 PKCS7error(ERR_R_MALLOC_FAILURE);
720 goto err;
721 }
722 p7->d.signed_and_enveloped->enc_data->enc_data = os;
723 }
724 break;
725 case NID_pkcs7_enveloped:
726 /* XXX */
727 os = p7->d.enveloped->enc_data->enc_data;
728 if (!os) {
729 os = ASN1_OCTET_STRING_new();
730 if (!os) {
731 PKCS7error(ERR_R_MALLOC_FAILURE);
732 goto err;
733 }
734 p7->d.enveloped->enc_data->enc_data = os;
735 }
736 break;
737 case NID_pkcs7_signed:
738 si_sk = p7->d.sign->signer_info;
739 os = PKCS7_get_octet_string(p7->d.sign->contents);
740 if (!PKCS7_is_detached(p7) && os == NULL) {
741 PKCS7error(PKCS7_R_DECODE_ERROR);
742 goto err;
743 }
744 /* If detached data then the content is excluded */
745 if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
746 ASN1_OCTET_STRING_free(os);
747 os = NULL;
748 p7->d.sign->contents->d.data = NULL;
749 }
750 break;
751
752 case NID_pkcs7_digest:
753 os = PKCS7_get_octet_string(p7->d.digest->contents);
754 if (os == NULL) {
755 PKCS7error(PKCS7_R_DECODE_ERROR);
756 goto err;
757 }
758 /* If detached data then the content is excluded */
759 if (PKCS7_type_is_data(p7->d.digest->contents) &&
760 p7->detached) {
761 ASN1_OCTET_STRING_free(os);
762 os = NULL;
763 p7->d.digest->contents->d.data = NULL;
764 }
765 break;
766
767 default:
768 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
769 goto err;
770 }
771
772 if (si_sk != NULL) {
773 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
774 si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
775 if (si->pkey == NULL)
776 continue;
777
778 j = OBJ_obj2nid(si->digest_alg->algorithm);
779
780 if ((btmp = PKCS7_find_digest(&mdc, bio, j)) == NULL)
781 goto err;
782
783 /* We now have the EVP_MD_CTX, lets do the
784 * signing. */
785 if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
786 goto err;
787
788 sk = si->auth_attr;
789
790 /* If there are attributes, we add the digest
791 * attribute and only sign the attributes */
792 if (sk_X509_ATTRIBUTE_num(sk) > 0) {
793 if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
794 goto err;
795 } else {
796 unsigned char *abuf = NULL;
797 unsigned int abuflen;
798 abuflen = EVP_PKEY_size(si->pkey);
799 abuf = malloc(abuflen);
800 if (!abuf)
801 goto err;
802
803 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
804 si->pkey)) {
805 PKCS7error(ERR_R_EVP_LIB);
806 goto err;
807 }
808 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
809 }
810 }
811 } else if (i == NID_pkcs7_digest) {
812 unsigned char md_data[EVP_MAX_MD_SIZE];
813 unsigned int md_len;
814
815 if (!PKCS7_find_digest(&mdc, bio,
816 OBJ_obj2nid(p7->d.digest->md->algorithm)))
817 goto err;
818 if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
819 goto err;
820 if (ASN1_STRING_set(p7->d.digest->digest, md_data,
821 md_len) == 0)
822 goto err;
823 }
824
825 if (!PKCS7_is_detached(p7)) {
826 /*
827 * NOTE: only reach os == NULL here because detached
828 * digested data support is broken?
829 */
830 if (os == NULL)
831 goto err;
832 if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
833 char *cont;
834 long contlen;
835
836 btmp = BIO_find_type(bio, BIO_TYPE_MEM);
837 if (btmp == NULL) {
838 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
839 goto err;
840 }
841 contlen = BIO_get_mem_data(btmp, &cont);
842 /*
843 * Mark the BIO read only then we can use its copy
844 * of the data instead of making an extra copy.
845 */
846 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
847 BIO_set_mem_eof_return(btmp, 0);
848 ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
849 }
850 }
851 ret = 1;
852 err:
853 EVP_MD_CTX_cleanup(&ctx_tmp);
854 return (ret);
855 }
856
857 int
858 PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
859 {
860 EVP_MD_CTX mctx;
861 EVP_PKEY_CTX *pctx;
862 unsigned char *abuf = NULL;
863 int alen;
864 size_t siglen;
865 const EVP_MD *md = NULL;
866
867 md = EVP_get_digestbyobj(si->digest_alg->algorithm);
868 if (md == NULL)
869 return 0;
870
871 EVP_MD_CTX_init(&mctx);
872 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
873 goto err;
874
875 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
876 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
877 PKCS7error(PKCS7_R_CTRL_ERROR);
878 goto err;
879 }
880
881 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
882 &PKCS7_ATTR_SIGN_it);
883 if (!abuf)
884 goto err;
885 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
886 goto err;
887 free(abuf);
888 abuf = NULL;
889 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
890 goto err;
891 abuf = malloc(siglen);
892 if (!abuf)
893 goto err;
894 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
895 goto err;
896
897 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
898 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
899 PKCS7error(PKCS7_R_CTRL_ERROR);
900 goto err;
901 }
902
903 EVP_MD_CTX_cleanup(&mctx);
904
905 ASN1_STRING_set0(si->enc_digest, abuf, siglen);
906
907 return 1;
908
909 err:
910 free(abuf);
911 EVP_MD_CTX_cleanup(&mctx);
912 return 0;
913 }
914
915 int
916 PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
917 PKCS7 *p7, PKCS7_SIGNER_INFO *si)
918 {
919 PKCS7_ISSUER_AND_SERIAL *ias;
920 int ret = 0, i;
921 STACK_OF(X509) *cert;
922 X509 *x509;
923
924 if (p7 == NULL) {
925 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
926 return 0;
927 }
928
929 if (p7->d.ptr == NULL) {
930 PKCS7error(PKCS7_R_NO_CONTENT);
931 return 0;
932 }
933
934 if (PKCS7_type_is_signed(p7)) {
935 cert = p7->d.sign->cert;
936 } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
937 cert = p7->d.signed_and_enveloped->cert;
938 } else {
939 PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
940 goto err;
941 }
942 /* XXXX */
943 ias = si->issuer_and_serial;
944
945 x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
946
947 /* were we able to find the cert in passed to us */
948 if (x509 == NULL) {
949 PKCS7error(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
950 goto err;
951 }
952
953 /* Lets verify */
954 if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
955 PKCS7error(ERR_R_X509_LIB);
956 goto err;
957 }
958 if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) {
959 X509_STORE_CTX_cleanup(ctx);
960 goto err;
961 }
962 i = X509_verify_cert(ctx);
963 if (i <= 0) {
964 PKCS7error(ERR_R_X509_LIB);
965 X509_STORE_CTX_cleanup(ctx);
966 goto err;
967 }
968 X509_STORE_CTX_cleanup(ctx);
969
970 return PKCS7_signatureVerify(bio, p7, si, x509);
971 err:
972
973 return ret;
974 }
975
976 int
977 PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
978 {
979 ASN1_OCTET_STRING *os;
980 EVP_MD_CTX mdc_tmp, *mdc;
981 int ret = 0, i;
982 int md_type;
983 STACK_OF(X509_ATTRIBUTE) *sk;
984 BIO *btmp;
985 EVP_PKEY *pkey;
986
987 EVP_MD_CTX_init(&mdc_tmp);
988
989 if (!PKCS7_type_is_signed(p7) &&
990 !PKCS7_type_is_signedAndEnveloped(p7)) {
991 PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
992 goto err;
993 }
994
995 md_type = OBJ_obj2nid(si->digest_alg->algorithm);
996
997 btmp = bio;
998 for (;;) {
999 if ((btmp == NULL) ||
1000 ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
1001 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1002 goto err;
1003 }
1004 BIO_get_md_ctx(btmp, &mdc);
1005 if (mdc == NULL) {
1006 PKCS7error(ERR_R_INTERNAL_ERROR);
1007 goto err;
1008 }
1009 if (EVP_MD_CTX_type(mdc) == md_type)
1010 break;
1011 /* Workaround for some broken clients that put the signature
1012 * OID instead of the digest OID in digest_alg->algorithm
1013 */
1014 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
1015 break;
1016 btmp = BIO_next(btmp);
1017 }
1018
1019 /* mdc is the digest ctx that we want, unless there are attributes,
1020 * in which case the digest is the signed attributes */
1021 if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
1022 goto err;
1023
1024 sk = si->auth_attr;
1025 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
1026 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
1027 unsigned int md_len;
1028 int alen;
1029 ASN1_OCTET_STRING *message_digest;
1030
1031 if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
1032 goto err;
1033 message_digest = PKCS7_digest_from_attributes(sk);
1034 if (!message_digest) {
1035 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1036 goto err;
1037 }
1038 if ((message_digest->length != (int)md_len) ||
1039 (memcmp(message_digest->data, md_dat, md_len))) {
1040 PKCS7error(PKCS7_R_DIGEST_FAILURE);
1041 ret = -1;
1042 goto err;
1043 }
1044
1045 if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type),
1046 NULL))
1047 goto err;
1048
1049 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
1050 &PKCS7_ATTR_VERIFY_it);
1051 if (alen <= 0) {
1052 PKCS7error(ERR_R_ASN1_LIB);
1053 ret = -1;
1054 goto err;
1055 }
1056 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
1057 goto err;
1058
1059 free(abuf);
1060 }
1061
1062 os = si->enc_digest;
1063 pkey = X509_get_pubkey(x509);
1064 if (!pkey) {
1065 ret = -1;
1066 goto err;
1067 }
1068
1069 i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
1070 EVP_PKEY_free(pkey);
1071 if (i <= 0) {
1072 PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
1073 ret = -1;
1074 goto err;
1075 } else
1076 ret = 1;
1077 err:
1078 EVP_MD_CTX_cleanup(&mdc_tmp);
1079 return (ret);
1080 }
1081
1082 PKCS7_ISSUER_AND_SERIAL *
1083 PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
1084 {
1085 STACK_OF(PKCS7_RECIP_INFO) *rsk;
1086 PKCS7_RECIP_INFO *ri;
1087 int i;
1088
1089 i = OBJ_obj2nid(p7->type);
1090 if (i != NID_pkcs7_signedAndEnveloped)
1091 return NULL;
1092 if (p7->d.signed_and_enveloped == NULL)
1093 return NULL;
1094 rsk = p7->d.signed_and_enveloped->recipientinfo;
1095 if (rsk == NULL)
1096 return NULL;
1097 ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
1098 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
1099 return (NULL);
1100 ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
1101 return (ri->issuer_and_serial);
1102 }
1103
1104 ASN1_TYPE *
1105 PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
1106 {
1107 return (get_attribute(si->auth_attr, nid));
1108 }
1109
1110 ASN1_TYPE *
1111 PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
1112 {
1113 return (get_attribute(si->unauth_attr, nid));
1114 }
1115
1116 static ASN1_TYPE *
1117 get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
1118 {
1119 int i;
1120 X509_ATTRIBUTE *xa;
1121 ASN1_OBJECT *o;
1122
1123 o = OBJ_nid2obj(nid);
1124 if (!o || !sk)
1125 return (NULL);
1126 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1127 xa = sk_X509_ATTRIBUTE_value(sk, i);
1128 if (OBJ_cmp(xa->object, o) == 0) {
1129 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
1130 return (sk_ASN1_TYPE_value(xa->value.set, 0));
1131 else
1132 return (NULL);
1133 }
1134 }
1135 return (NULL);
1136 }
1137
1138 ASN1_OCTET_STRING *
1139 PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
1140 {
1141 ASN1_TYPE *astype;
1142
1143 if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
1144 return NULL;
1145 if (astype->type != V_ASN1_OCTET_STRING)
1146 return NULL;
1147 return astype->value.octet_string;
1148 }
1149
1150 int
1151 PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
1152 STACK_OF(X509_ATTRIBUTE) *sk)
1153 {
1154 int i;
1155
1156 if (p7si->auth_attr != NULL)
1157 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,
1158 X509_ATTRIBUTE_free);
1159 p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
1160 if (p7si->auth_attr == NULL)
1161 return 0;
1162 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1163 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
1164 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1165 == NULL)
1166 return (0);
1167 }
1168 return (1);
1169 }
1170
1171 int
1172 PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
1173 {
1174 int i;
1175
1176 if (p7si->unauth_attr != NULL)
1177 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
1178 X509_ATTRIBUTE_free);
1179 p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
1180 if (p7si->unauth_attr == NULL)
1181 return 0;
1182 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1183 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
1184 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1185 == NULL)
1186 return (0);
1187 }
1188 return (1);
1189 }
1190
1191 int
1192 PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
1193 void *value)
1194 {
1195 return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
1196 }
1197
1198 int
1199 PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
1200 {
1201 return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
1202 }
1203
1204 static int
1205 add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value)
1206 {
1207 X509_ATTRIBUTE *attr = NULL;
1208
1209 if (*sk == NULL) {
1210 *sk = sk_X509_ATTRIBUTE_new_null();
1211 if (*sk == NULL)
1212 return 0;
1213 new_attrib:
1214 if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
1215 return 0;
1216 if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
1217 X509_ATTRIBUTE_free(attr);
1218 return 0;
1219 }
1220 } else {
1221 int i;
1222
1223 for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
1224 attr = sk_X509_ATTRIBUTE_value(*sk, i);
1225 if (OBJ_obj2nid(attr->object) == nid) {
1226 X509_ATTRIBUTE_free(attr);
1227 attr = X509_ATTRIBUTE_create(nid, atrtype,
1228 value);
1229 if (attr == NULL)
1230 return 0;
1231 if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
1232 X509_ATTRIBUTE_free(attr);
1233 return 0;
1234 }
1235 goto end;
1236 }
1237 }
1238 goto new_attrib;
1239 }
1240 end:
1241 return (1);
1242 }
unleashed repo fork