1/* crypto/pkcs7/pk7_doit.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59#include <stdio.h> 60#include <openssl/local/cryptlib.h> 61#include <openssl/rand.h> 62#include <openssl/objects.h> 63#include <openssl/x509.h> 64#include <openssl/x509v3.h> 65#include <openssl/err.h> 66 67static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 68 void *value); 69static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); 70 71static int PKCS7_type_is_other(PKCS7* p7) 72 { 73 int isOther=1; 74 75 int nid=OBJ_obj2nid(p7->type); 76 77 switch( nid ) 78 { 79 case NID_pkcs7_data: 80 case NID_pkcs7_signed: 81 case NID_pkcs7_enveloped: 82 case NID_pkcs7_signedAndEnveloped: 83 case NID_pkcs7_digest: 84 case NID_pkcs7_encrypted: 85 isOther=0; 86 break; 87 default: 88 isOther=1; 89 } 90 91 return isOther; 92 93 } 94 95static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) 96 { 97 if ( PKCS7_type_is_data(p7)) 98 return p7->d.data; 99 if ( PKCS7_type_is_other(p7) && p7->d.other 100 && (p7->d.other->type == V_ASN1_OCTET_STRING)) 101 return p7->d.other->value.octet_string; 102 return NULL; 103 } 104 105static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) 106 { 107 BIO *btmp; 108 const EVP_MD *md; 109 if ((btmp=BIO_new(BIO_f_md())) == NULL) 110 { 111 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); 112 goto err; 113 } 114 115 md=EVP_get_digestbyobj(alg->algorithm); 116 if (md == NULL) 117 { 118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); 119 goto err; 120 } 121 122 BIO_set_md(btmp,md); 123 if (*pbio == NULL) 124 *pbio=btmp; 125 else if (!BIO_push(*pbio,btmp)) 126 { 127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); 128 goto err; 129 } 130 btmp=NULL; 131 132 return 1; 133 134 err: 135 if (btmp) 136 BIO_free(btmp); 137 return 0; 138 139 } 140 141static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, 142 unsigned char *key, int keylen) 143 { 144 EVP_PKEY_CTX *pctx = NULL; 145 EVP_PKEY *pkey = NULL; 146 unsigned char *ek = NULL; 147 int ret = 0; 148 size_t eklen; 149 150 pkey = X509_get_pubkey(ri->cert); 151 152 if (!pkey) 153 return 0; 154 155 pctx = EVP_PKEY_CTX_new(pkey, NULL); 156 if (!pctx) 157 return 0; 158 159 if (EVP_PKEY_encrypt_init(pctx) <= 0) 160 goto err; 161 162 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 163 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) 164 { 165 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); 166 goto err; 167 } 168 169 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) 170 goto err; 171 172 ek = OPENSSL_malloc(eklen); 173 174 if (ek == NULL) 175 { 176 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); 177 goto err; 178 } 179 180 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) 181 goto err; 182 183 ASN1_STRING_set0(ri->enc_key, ek, eklen); 184 ek = NULL; 185 186 ret = 1; 187 188 err: 189 if (pkey) 190 EVP_PKEY_free(pkey); 191 if (pctx) 192 EVP_PKEY_CTX_free(pctx); 193 if (ek) 194 OPENSSL_free(ek); 195 return ret; 196 197 } 198 199 200static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, 201 PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) 202 { 203 EVP_PKEY_CTX *pctx = NULL; 204 unsigned char *ek = NULL; 205 size_t eklen; 206 207 int ret = 0; 208 209 pctx = EVP_PKEY_CTX_new(pkey, NULL); 210 if (!pctx) 211 return 0; 212 213 if (EVP_PKEY_decrypt_init(pctx) <= 0) 214 goto err; 215 216 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 217 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) 218 { 219 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); 220 goto err; 221 } 222 223 if (EVP_PKEY_decrypt(pctx, NULL, &eklen, 224 ri->enc_key->data, ri->enc_key->length) <= 0) 225 goto err; 226 227 ek = OPENSSL_malloc(eklen); 228 229 if (ek == NULL) 230 { 231 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); 232 goto err; 233 } 234 235 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 236 ri->enc_key->data, ri->enc_key->length) <= 0) 237 { 238 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); 239 goto err; 240 } 241 242 ret = 1; 243 244 *pek = ek; 245 *peklen = eklen; 246 247 err: 248 if (pctx) 249 EVP_PKEY_CTX_free(pctx); 250 if (!ret && ek) 251 OPENSSL_free(ek); 252 253 return ret; 254 } 255 256BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 257 { 258 int i; 259 BIO *out=NULL,*btmp=NULL; 260 X509_ALGOR *xa = NULL; 261 const EVP_CIPHER *evp_cipher=NULL; 262 STACK_OF(X509_ALGOR) *md_sk=NULL; 263 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 264 X509_ALGOR *xalg=NULL; 265 PKCS7_RECIP_INFO *ri=NULL; 266 ASN1_OCTET_STRING *os=NULL; 267 268 i=OBJ_obj2nid(p7->type); 269 p7->state=PKCS7_S_HEADER; 270 271 switch (i) 272 { 273 case NID_pkcs7_signed: 274 md_sk=p7->d.sign->md_algs; 275 os = PKCS7_get_octet_string(p7->d.sign->contents); 276 break; 277 case NID_pkcs7_signedAndEnveloped: 278 rsk=p7->d.signed_and_enveloped->recipientinfo; 279 md_sk=p7->d.signed_and_enveloped->md_algs; 280 xalg=p7->d.signed_and_enveloped->enc_data->algorithm; 281 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; 282 if (evp_cipher == NULL) 283 { 284 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 285 PKCS7_R_CIPHER_NOT_INITIALIZED); 286 goto err; 287 } 288 break; 289 case NID_pkcs7_enveloped: 290 rsk=p7->d.enveloped->recipientinfo; 291 xalg=p7->d.enveloped->enc_data->algorithm; 292 evp_cipher=p7->d.enveloped->enc_data->cipher; 293 if (evp_cipher == NULL) 294 { 295 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 296 PKCS7_R_CIPHER_NOT_INITIALIZED); 297 goto err; 298 } 299 break; 300 case NID_pkcs7_digest: 301 xa = p7->d.digest->md; 302 os = PKCS7_get_octet_string(p7->d.digest->contents); 303 break; 304 case NID_pkcs7_data: 305 break; 306 default: 307 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 308 goto err; 309 } 310 311 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 312 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) 313 goto err; 314 315 if (xa && !PKCS7_bio_add_digest(&out, xa)) 316 goto err; 317 318 if (evp_cipher != NULL) 319 { 320 unsigned char key[EVP_MAX_KEY_LENGTH]; 321 unsigned char iv[EVP_MAX_IV_LENGTH]; 322 int keylen,ivlen; 323 EVP_CIPHER_CTX *ctx; 324 325 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 326 { 327 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); 328 goto err; 329 } 330 BIO_get_cipher_ctx(btmp, &ctx); 331 keylen=EVP_CIPHER_key_length(evp_cipher); 332 ivlen=EVP_CIPHER_iv_length(evp_cipher); 333 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 334 if (ivlen > 0) 335 if (RAND_pseudo_bytes(iv,ivlen) <= 0) 336 goto err; 337 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) 338 goto err; 339 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) 340 goto err; 341 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) 342 goto err; 343 344 if (ivlen > 0) { 345 if (xalg->parameter == NULL) { 346 xalg->parameter = ASN1_TYPE_new(); 347 if (xalg->parameter == NULL) 348 goto err; 349 } 350 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 351 goto err; 352 } 353 354 /* Lets do the pub key stuff :-) */ 355 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 356 { 357 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 358 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) 359 goto err; 360 } 361 OPENSSL_cleanse(key, keylen); 362 363 if (out == NULL) 364 out=btmp; 365 else 366 BIO_push(out,btmp); 367 btmp=NULL; 368 } 369 370 if (bio == NULL) 371 { 372 if (PKCS7_is_detached(p7)) 373 bio=BIO_new(BIO_s_null()); 374 else if (os && os->length > 0) 375 bio = BIO_new_mem_buf(os->data, os->length); 376 if(bio == NULL) 377 { 378 bio=BIO_new(BIO_s_mem()); 379 if (bio == NULL) 380 goto err; 381 BIO_set_mem_eof_return(bio,0); 382 } 383 } 384 if (out) 385 BIO_push(out,bio); 386 else 387 out = bio; 388 bio=NULL; 389 if (0) 390 { 391err: 392 if (out != NULL) 393 BIO_free_all(out); 394 if (btmp != NULL) 395 BIO_free_all(btmp); 396 out=NULL; 397 } 398 return(out); 399 } 400 401static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) 402 { 403 int ret; 404 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, 405 pcert->cert_info->issuer); 406 if (ret) 407 return ret; 408 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, 409 ri->issuer_and_serial->serial); 410 } 411 412/* int */ 413BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 414 { 415 int i,j; 416 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; 417 X509_ALGOR *xa; 418 ASN1_OCTET_STRING *data_body=NULL; 419 const EVP_MD *evp_md; 420 const EVP_CIPHER *evp_cipher=NULL; 421 EVP_CIPHER_CTX *evp_ctx=NULL; 422 X509_ALGOR *enc_alg=NULL; 423 STACK_OF(X509_ALGOR) *md_sk=NULL; 424 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 425 PKCS7_RECIP_INFO *ri=NULL; 426 427 i=OBJ_obj2nid(p7->type); 428 p7->state=PKCS7_S_HEADER; 429 430 switch (i) 431 { 432 case NID_pkcs7_signed: 433 data_body=PKCS7_get_octet_string(p7->d.sign->contents); 434 md_sk=p7->d.sign->md_algs; 435 break; 436 case NID_pkcs7_signedAndEnveloped: 437 rsk=p7->d.signed_and_enveloped->recipientinfo; 438 md_sk=p7->d.signed_and_enveloped->md_algs; 439 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 440 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 441 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 442 if (evp_cipher == NULL) 443 { 444 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 445 goto err; 446 } 447 break; 448 case NID_pkcs7_enveloped: 449 rsk=p7->d.enveloped->recipientinfo; 450 enc_alg=p7->d.enveloped->enc_data->algorithm; 451 data_body=p7->d.enveloped->enc_data->enc_data; 452 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 453 if (evp_cipher == NULL) 454 { 455 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 456 goto err; 457 } 458 break; 459 default: 460 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 461 goto err; 462 } 463 464 /* We will be checking the signature */ 465 if (md_sk != NULL) 466 { 467 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 468 { 469 xa=sk_X509_ALGOR_value(md_sk,i); 470 if ((btmp=BIO_new(BIO_f_md())) == NULL) 471 { 472 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); 473 goto err; 474 } 475 476 j=OBJ_obj2nid(xa->algorithm); 477 evp_md=EVP_get_digestbynid(j); 478 if (evp_md == NULL) 479 { 480 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); 481 goto err; 482 } 483 484 BIO_set_md(btmp,evp_md); 485 if (out == NULL) 486 out=btmp; 487 else 488 BIO_push(out,btmp); 489 btmp=NULL; 490 } 491 } 492 493 if (evp_cipher != NULL) 494 { 495#if 0 496 unsigned char key[EVP_MAX_KEY_LENGTH]; 497 unsigned char iv[EVP_MAX_IV_LENGTH]; 498 unsigned char *p; 499 int keylen,ivlen; 500 int max; 501 X509_OBJECT ret; 502#endif 503 unsigned char *ek = NULL; 504 int eklen; 505 506 if ((etmp=BIO_new(BIO_f_cipher())) == NULL) 507 { 508 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); 509 goto err; 510 } 511 512 /* It was encrypted, we need to decrypt the secret key 513 * with the private key */ 514 515 /* Find the recipientInfo which matches the passed certificate 516 * (if any) 517 */ 518 519 if (pcert) 520 { 521 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 522 { 523 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 524 if (!pkcs7_cmp_ri(ri, pcert)) 525 break; 526 ri=NULL; 527 } 528 if (ri == NULL) 529 { 530 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 531 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 532 goto err; 533 } 534 } 535 536 /* If we haven't got a certificate try each ri in turn */ 537 538 if (pcert == NULL) 539 { 540 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 541 { 542 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 543 if (pkcs7_decrypt_rinfo(&ek, &eklen, 544 ri, pkey) > 0) 545 break; 546 ERR_clear_error(); 547 ri = NULL; 548 } 549 if (ri == NULL) 550 { 551 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 552 PKCS7_R_NO_RECIPIENT_MATCHES_KEY); 553 goto err; 554 } 555 } 556 else 557 { 558 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0) 559 goto err; 560 } 561 562 evp_ctx=NULL; 563 BIO_get_cipher_ctx(etmp,&evp_ctx); 564 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) 565 goto err; 566 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 567 goto err; 568 569 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { 570 /* Some S/MIME clients don't use the same key 571 * and effective key length. The key length is 572 * determined by the size of the decrypted RSA key. 573 */ 574 if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) 575 { 576 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 577 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); 578 goto err; 579 } 580 } 581 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) 582 goto err; 583 584 if (ek) 585 { 586 OPENSSL_cleanse(ek,eklen); 587 OPENSSL_free(ek); 588 } 589 590 if (out == NULL) 591 out=etmp; 592 else 593 BIO_push(out,etmp); 594 etmp=NULL; 595 } 596 597#if 1 598 if (PKCS7_is_detached(p7) || (in_bio != NULL)) 599 { 600 bio=in_bio; 601 } 602 else 603 { 604#if 0 605 bio=BIO_new(BIO_s_mem()); 606 /* We need to set this so that when we have read all 607 * the data, the encrypt BIO, if present, will read 608 * EOF and encode the last few bytes */ 609 BIO_set_mem_eof_return(bio,0); 610 611 if (data_body->length > 0) 612 BIO_write(bio,(char *)data_body->data,data_body->length); 613#else 614 if (data_body->length > 0) 615 bio = BIO_new_mem_buf(data_body->data,data_body->length); 616 else { 617 bio=BIO_new(BIO_s_mem()); 618 BIO_set_mem_eof_return(bio,0); 619 } 620 if (bio == NULL) 621 goto err; 622#endif 623 } 624 BIO_push(out,bio); 625 bio=NULL; 626#endif 627 if (0) 628 { 629err: 630 if (out != NULL) BIO_free_all(out); 631 if (btmp != NULL) BIO_free_all(btmp); 632 if (etmp != NULL) BIO_free_all(etmp); 633 if (bio != NULL) BIO_free_all(bio); 634 out=NULL; 635 } 636 return(out); 637 } 638 639static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) 640 { 641 for (;;) 642 { 643 bio=BIO_find_type(bio,BIO_TYPE_MD); 644 if (bio == NULL) 645 { 646 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 647 return NULL; 648 } 649 BIO_get_md_ctx(bio,pmd); 650 if (*pmd == NULL) 651 { 652 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); 653 return NULL; 654 } 655 if (EVP_MD_CTX_type(*pmd) == nid) 656 return bio; 657 bio=BIO_next(bio); 658 } 659 return NULL; 660 } 661 662static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) 663 { 664 unsigned char md_data[EVP_MAX_MD_SIZE]; 665 unsigned int md_len; 666 667 /* Add signing time if not already present */ 668 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) 669 { 670 if (!PKCS7_add0_attrib_signing_time(si, NULL)) 671 { 672 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 673 ERR_R_MALLOC_FAILURE); 674 return 0; 675 } 676 } 677 678 /* Add digest */ 679 EVP_DigestFinal_ex(mctx, md_data,&md_len); 680 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) 681 { 682 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); 683 return 0; 684 } 685 686 /* Now sign the attributes */ 687 if (!PKCS7_SIGNER_INFO_sign(si)) 688 return 0; 689 690 return 1; 691 } 692 693 694int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 695 { 696 int ret=0; 697 int i,j; 698 BIO *btmp; 699 PKCS7_SIGNER_INFO *si; 700 EVP_MD_CTX *mdc,ctx_tmp; 701 STACK_OF(X509_ATTRIBUTE) *sk; 702 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; 703 ASN1_OCTET_STRING *os=NULL; 704 705 EVP_MD_CTX_init(&ctx_tmp); 706 i=OBJ_obj2nid(p7->type); 707 p7->state=PKCS7_S_HEADER; 708 709 switch (i) 710 { 711 case NID_pkcs7_data: 712 os = p7->d.data; 713 break; 714 case NID_pkcs7_signedAndEnveloped: 715 /* XXXXXXXXXXXXXXXX */ 716 si_sk=p7->d.signed_and_enveloped->signer_info; 717 os = p7->d.signed_and_enveloped->enc_data->enc_data; 718 if (!os) 719 { 720 os=M_ASN1_OCTET_STRING_new(); 721 if (!os) 722 { 723 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 724 goto err; 725 } 726 p7->d.signed_and_enveloped->enc_data->enc_data=os; 727 } 728 break; 729 case NID_pkcs7_enveloped: 730 /* XXXXXXXXXXXXXXXX */ 731 os = p7->d.enveloped->enc_data->enc_data; 732 if (!os) 733 { 734 os=M_ASN1_OCTET_STRING_new(); 735 if (!os) 736 { 737 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 738 goto err; 739 } 740 p7->d.enveloped->enc_data->enc_data=os; 741 } 742 break; 743 case NID_pkcs7_signed: 744 si_sk=p7->d.sign->signer_info; 745 os=PKCS7_get_octet_string(p7->d.sign->contents); 746 /* If detached data then the content is excluded */ 747 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { 748 M_ASN1_OCTET_STRING_free(os); 749 p7->d.sign->contents->d.data = NULL; 750 } 751 break; 752 753 case NID_pkcs7_digest: 754 os=PKCS7_get_octet_string(p7->d.digest->contents); 755 /* If detached data then the content is excluded */ 756 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) 757 { 758 M_ASN1_OCTET_STRING_free(os); 759 p7->d.digest->contents->d.data = NULL; 760 } 761 break; 762 763 default: 764 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 765 goto err; 766 } 767 768 if (si_sk != NULL) 769 { 770 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 771 { 772 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i); 773 if (si->pkey == NULL) 774 continue; 775 776 j = OBJ_obj2nid(si->digest_alg->algorithm); 777 778 btmp=bio; 779 780 btmp = PKCS7_find_digest(&mdc, btmp, j); 781 782 if (btmp == NULL) 783 goto err; 784 785 /* We now have the EVP_MD_CTX, lets do the 786 * signing. */ 787 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); 788 789 sk=si->auth_attr; 790 791 /* If there are attributes, we add the digest 792 * attribute and only sign the attributes */ 793 if (sk_X509_ATTRIBUTE_num(sk) > 0) 794 { 795 if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) 796 goto err; 797 } 798 else 799 { 800 unsigned char *abuf = NULL; 801 unsigned int abuflen; 802 abuflen = EVP_PKEY_size(si->pkey); 803 abuf = OPENSSL_malloc(abuflen); 804 if (!abuf) 805 goto err; 806 807 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, 808 si->pkey)) 809 { 810 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 811 ERR_R_EVP_LIB); 812 goto err; 813 } 814 ASN1_STRING_set0(si->enc_digest, abuf, abuflen); 815 } 816 } 817 } 818 else if (i == NID_pkcs7_digest) 819 { 820 unsigned char md_data[EVP_MAX_MD_SIZE]; 821 unsigned int md_len; 822 if (!PKCS7_find_digest(&mdc, bio, 823 OBJ_obj2nid(p7->d.digest->md->algorithm))) 824 goto err; 825 EVP_DigestFinal_ex(mdc,md_data,&md_len); 826 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); 827 } 828 829 if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) 830 { 831 char *cont; 832 long contlen; 833 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 834 if (btmp == NULL) 835 { 836 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 837 goto err; 838 } 839 contlen = BIO_get_mem_data(btmp, &cont); 840 /* Mark the BIO read only then we can use its copy of the data 841 * instead of making an extra copy. 842 */ 843 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); 844 BIO_set_mem_eof_return(btmp, 0); 845 ASN1_STRING_set0(os, (unsigned char *)cont, contlen); 846 } 847 ret=1; 848err: 849 EVP_MD_CTX_cleanup(&ctx_tmp); 850 return(ret); 851 } 852 853int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) 854 { 855 EVP_MD_CTX mctx; 856 EVP_PKEY_CTX *pctx; 857 unsigned char *abuf = NULL; 858 int alen; 859 size_t siglen; 860 const EVP_MD *md = NULL; 861 862 md = EVP_get_digestbyobj(si->digest_alg->algorithm); 863 if (md == NULL) 864 return 0; 865 866 EVP_MD_CTX_init(&mctx); 867 if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) 868 goto err; 869 870 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 871 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) 872 { 873 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 874 goto err; 875 } 876 877 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, 878 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); 879 if(!abuf) 880 goto err; 881 if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) 882 goto err; 883 OPENSSL_free(abuf); 884 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) 885 goto err; 886 abuf = OPENSSL_malloc(siglen); 887 if(!abuf) 888 goto err; 889 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) 890 goto err; 891 892 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 893 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) 894 { 895 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 896 goto err; 897 } 898 899 EVP_MD_CTX_cleanup(&mctx); 900 901 ASN1_STRING_set0(si->enc_digest, abuf, siglen); 902 903 return 1; 904 905 err: 906 if (abuf) 907 OPENSSL_free(abuf); 908 EVP_MD_CTX_cleanup(&mctx); 909 return 0; 910 911 } 912 913int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, 914 PKCS7 *p7, PKCS7_SIGNER_INFO *si) 915 { 916 PKCS7_ISSUER_AND_SERIAL *ias; 917 int ret=0,i; 918 STACK_OF(X509) *cert; 919 X509 *x509; 920 921 if (PKCS7_type_is_signed(p7)) 922 { 923 cert=p7->d.sign->cert; 924 } 925 else if (PKCS7_type_is_signedAndEnveloped(p7)) 926 { 927 cert=p7->d.signed_and_enveloped->cert; 928 } 929 else 930 { 931 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); 932 goto err; 933 } 934 /* XXXXXXXXXXXXXXXXXXXXXXX */ 935 ias=si->issuer_and_serial; 936 937 x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); 938 939 /* were we able to find the cert in passed to us */ 940 if (x509 == NULL) 941 { 942 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); 943 goto err; 944 } 945 946 /* Lets verify */ 947 if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) 948 { 949 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); 950 goto err; 951 } 952 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); 953 i=X509_verify_cert(ctx); 954 if (i <= 0) 955 { 956 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); 957 X509_STORE_CTX_cleanup(ctx); 958 goto err; 959 } 960 X509_STORE_CTX_cleanup(ctx); 961 962 return PKCS7_signatureVerify(bio, p7, si, x509); 963 err: 964 return ret; 965 } 966 967int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, 968 X509 *x509) 969 { 970 ASN1_OCTET_STRING *os; 971 EVP_MD_CTX mdc_tmp,*mdc; 972 int ret=0,i; 973 int md_type; 974 STACK_OF(X509_ATTRIBUTE) *sk; 975 BIO *btmp; 976 EVP_PKEY *pkey; 977 978 EVP_MD_CTX_init(&mdc_tmp); 979 980 if (!PKCS7_type_is_signed(p7) && 981 !PKCS7_type_is_signedAndEnveloped(p7)) { 982 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 983 PKCS7_R_WRONG_PKCS7_TYPE); 984 goto err; 985 } 986 987 md_type=OBJ_obj2nid(si->digest_alg->algorithm); 988 989 btmp=bio; 990 for (;;) 991 { 992 if ((btmp == NULL) || 993 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) 994 { 995 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 996 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 997 goto err; 998 } 999 BIO_get_md_ctx(btmp,&mdc); 1000 if (mdc == NULL) 1001 { 1002 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1003 ERR_R_INTERNAL_ERROR); 1004 goto err; 1005 } 1006 if (EVP_MD_CTX_type(mdc) == md_type) 1007 break; 1008 /* Workaround for some broken clients that put the signature 1009 * OID instead of the digest OID in digest_alg->algorithm 1010 */ 1011 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) 1012 break; 1013 btmp=BIO_next(btmp); 1014 } 1015 1016 /* mdc is the digest ctx that we want, unless there are attributes, 1017 * in which case the digest is the signed attributes */ 1018 EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); 1019 1020 sk=si->auth_attr; 1021 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) 1022 { 1023 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; 1024 unsigned int md_len; 1025 int alen; 1026 ASN1_OCTET_STRING *message_digest; 1027 1028 EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); 1029 message_digest=PKCS7_digest_from_attributes(sk); 1030 if (!message_digest) 1031 { 1032 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1033 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1034 goto err; 1035 } 1036 if ((message_digest->length != (int)md_len) || 1037 (memcmp(message_digest->data,md_dat,md_len))) 1038 { 1039#if 0 1040{ 1041int ii; 1042for (ii=0; ii<message_digest->length; ii++) 1043 printf("%02X",message_digest->data[ii]); printf(" sent\n"); 1044for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); 1045} 1046#endif 1047 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1048 PKCS7_R_DIGEST_FAILURE); 1049 ret= -1; 1050 goto err; 1051 } 1052 1053 EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL); 1054 1055 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 1056 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); 1057 if (alen <= 0) 1058 { 1059 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB); 1060 ret = -1; 1061 goto err; 1062 } 1063 EVP_VerifyUpdate(&mdc_tmp, abuf, alen); 1064 1065 OPENSSL_free(abuf); 1066 } 1067 1068 os=si->enc_digest; 1069 pkey = X509_get_pubkey(x509); 1070 if (!pkey) 1071 { 1072 ret = -1; 1073 goto err; 1074 } 1075 1076 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 1077 EVP_PKEY_free(pkey); 1078 if (i <= 0) 1079 { 1080 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1081 PKCS7_R_SIGNATURE_FAILURE); 1082 ret= -1; 1083 goto err; 1084 } 1085 else 1086 ret=1; 1087err: 1088 EVP_MD_CTX_cleanup(&mdc_tmp); 1089 return(ret); 1090 } 1091 1092PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) 1093 { 1094 STACK_OF(PKCS7_RECIP_INFO) *rsk; 1095 PKCS7_RECIP_INFO *ri; 1096 int i; 1097 1098 i=OBJ_obj2nid(p7->type); 1099 if (i != NID_pkcs7_signedAndEnveloped) 1100 return NULL; 1101 if (p7->d.signed_and_enveloped == NULL) 1102 return NULL; 1103 rsk=p7->d.signed_and_enveloped->recipientinfo; 1104 if (rsk == NULL) 1105 return NULL; 1106 ri=sk_PKCS7_RECIP_INFO_value(rsk,0); 1107 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); 1108 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); 1109 return(ri->issuer_and_serial); 1110 } 1111 1112ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) 1113 { 1114 return(get_attribute(si->auth_attr,nid)); 1115 } 1116 1117ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) 1118 { 1119 return(get_attribute(si->unauth_attr,nid)); 1120 } 1121 1122static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) 1123 { 1124 int i; 1125 X509_ATTRIBUTE *xa; 1126 ASN1_OBJECT *o; 1127 1128 o=OBJ_nid2obj(nid); 1129 if (!o || !sk) return(NULL); 1130 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1131 { 1132 xa=sk_X509_ATTRIBUTE_value(sk,i); 1133 if (OBJ_cmp(xa->object,o) == 0) 1134 { 1135 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) 1136 return(sk_ASN1_TYPE_value(xa->value.set,0)); 1137 else 1138 return(NULL); 1139 } 1140 } 1141 return(NULL); 1142 } 1143 1144ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) 1145{ 1146 ASN1_TYPE *astype; 1147 if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; 1148 return astype->value.octet_string; 1149} 1150 1151int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, 1152 STACK_OF(X509_ATTRIBUTE) *sk) 1153 { 1154 int i; 1155 1156 if (p7si->auth_attr != NULL) 1157 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); 1158 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); 1159 if (p7si->auth_attr == NULL) 1160 return 0; 1161 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1162 { 1163 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, 1164 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) 1165 == NULL) 1166 return(0); 1167 } 1168 return(1); 1169 } 1170 1171int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) 1172 { 1173 int i; 1174 1175 if (p7si->unauth_attr != NULL) 1176 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, 1177 X509_ATTRIBUTE_free); 1178 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); 1179 if (p7si->unauth_attr == NULL) 1180 return 0; 1181 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1182 { 1183 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, 1184 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) 1185 == NULL) 1186 return(0); 1187 } 1188 return(1); 1189 } 1190 1191int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1192 void *value) 1193 { 1194 return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); 1195 } 1196 1197int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1198 void *value) 1199 { 1200 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); 1201 } 1202 1203static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 1204 void *value) 1205 { 1206 X509_ATTRIBUTE *attr=NULL; 1207 1208 if (*sk == NULL) 1209 { 1210 *sk = sk_X509_ATTRIBUTE_new_null(); 1211 if (*sk == NULL) 1212 return 0; 1213new_attrib: 1214 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) 1215 return 0; 1216 if (!sk_X509_ATTRIBUTE_push(*sk,attr)) 1217 { 1218 X509_ATTRIBUTE_free(attr); 1219 return 0; 1220 } 1221 } 1222 else 1223 { 1224 int i; 1225 1226 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) 1227 { 1228 attr=sk_X509_ATTRIBUTE_value(*sk,i); 1229 if (OBJ_obj2nid(attr->object) == nid) 1230 { 1231 X509_ATTRIBUTE_free(attr); 1232 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1233 if (attr == NULL) 1234 return 0; 1235 if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) 1236 { 1237 X509_ATTRIBUTE_free(attr); 1238 return 0; 1239 } 1240 goto end; 1241 } 1242 } 1243 goto new_attrib; 1244 } 1245end: 1246 return(1); 1247 } 1248 1249