1 /* crypto/pkcs7/pk7_doit.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay@cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include "cryptlib.h" 61 #include <openssl/rand.h> 62 #include <openssl/objects.h> 63 #include <openssl/x509.h> 64 #include <openssl/x509v3.h> 65 #include <openssl/err.h> 66 67 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 68 void *value); 69 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); 70 71 static int PKCS7_type_is_other(PKCS7* p7) 72 { 73 int isOther=1; 74 75 int nid=OBJ_obj2nid(p7->type); 76 77 switch( nid ) 78 { 79 case NID_pkcs7_data: 80 case NID_pkcs7_signed: 81 case NID_pkcs7_enveloped: 82 case NID_pkcs7_signedAndEnveloped: 83 case NID_pkcs7_digest: 84 case NID_pkcs7_encrypted: 85 isOther=0; 86 break; 87 default: 88 isOther=1; 89 } 90 91 return isOther; 92 93 } 94 95 static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) 96 { 97 if ( PKCS7_type_is_data(p7)) 98 return p7->d.data; 99 if ( PKCS7_type_is_other(p7) && p7->d.other 100 && (p7->d.other->type == V_ASN1_OCTET_STRING)) 101 return p7->d.other->value.octet_string; 102 return NULL; 103 } 104 105 static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) 106 { 107 BIO *btmp; 108 const EVP_MD *md; 109 if ((btmp=BIO_new(BIO_f_md())) == NULL) 110 { 111 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); 112 goto err; 113 } 114 115 md=EVP_get_digestbyobj(alg->algorithm); 116 if (md == NULL) 117 { 118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); 119 goto err; 120 } 121 122 BIO_set_md(btmp,md); 123 if (*pbio == NULL) 124 *pbio=btmp; 125 else if (!BIO_push(*pbio,btmp)) 126 { 127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); 128 goto err; 129 } 130 btmp=NULL; 131 132 return 1; 133 134 err: 135 if (btmp) 136 BIO_free(btmp); 137 return 0; 138 139 } 140 141 static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, 142 unsigned char *key, int keylen) 143 { 144 EVP_PKEY_CTX *pctx = NULL; 145 EVP_PKEY *pkey = NULL; 146 unsigned char *ek = NULL; 147 int ret = 0; 148 size_t eklen; 149 150 pkey = X509_get_pubkey(ri->cert); 151 152 if (!pkey) 153 return 0; 154 155 pctx = EVP_PKEY_CTX_new(pkey, NULL); 156 if (!pctx) 157 return 0; 158 159 if (EVP_PKEY_encrypt_init(pctx) <= 0) 160 goto err; 161 162 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 163 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) 164 { 165 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); 166 goto err; 167 } 168 169 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) 170 goto err; 171 172 ek = OPENSSL_malloc(eklen); 173 174 if (ek == NULL) 175 { 176 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); 177 goto err; 178 } 179 180 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) 181 goto err; 182 183 ASN1_STRING_set0(ri->enc_key, ek, eklen); 184 ek = NULL; 185 186 ret = 1; 187 188 err: 189 if (pkey) 190 EVP_PKEY_free(pkey); 191 if (pctx) 192 EVP_PKEY_CTX_free(pctx); 193 if (ek) 194 OPENSSL_free(ek); 195 return ret; 196 197 } 198 199 200 static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, 201 PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) 202 { 203 EVP_PKEY_CTX *pctx = NULL; 204 unsigned char *ek = NULL; 205 size_t eklen; 206 207 int ret = 0; 208 209 pctx = EVP_PKEY_CTX_new(pkey, NULL); 210 if (!pctx) 211 return 0; 212 213 if (EVP_PKEY_decrypt_init(pctx) <= 0) 214 goto err; 215 216 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 217 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) 218 { 219 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); 220 goto err; 221 } 222 223 if (EVP_PKEY_decrypt(pctx, NULL, &eklen, 224 ri->enc_key->data, ri->enc_key->length) <= 0) 225 goto err; 226 227 ek = OPENSSL_malloc(eklen); 228 229 if (ek == NULL) 230 { 231 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); 232 goto err; 233 } 234 235 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 236 ri->enc_key->data, ri->enc_key->length) <= 0) 237 { 238 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); 239 goto err; 240 } 241 242 ret = 1; 243 244 *pek = ek; 245 *peklen = eklen; 246 247 err: 248 if (pctx) 249 EVP_PKEY_CTX_free(pctx); 250 if (!ret && ek) 251 OPENSSL_free(ek); 252 253 return ret; 254 } 255 256 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 257 { 258 int i; 259 BIO *out=NULL,*btmp=NULL; 260 X509_ALGOR *xa = NULL; 261 const EVP_CIPHER *evp_cipher=NULL; 262 STACK_OF(X509_ALGOR) *md_sk=NULL; 263 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 264 X509_ALGOR *xalg=NULL; 265 PKCS7_RECIP_INFO *ri=NULL; 266 ASN1_OCTET_STRING *os=NULL; 267 268 i=OBJ_obj2nid(p7->type); 269 p7->state=PKCS7_S_HEADER; 270 271 switch (i) 272 { 273 case NID_pkcs7_signed: 274 md_sk=p7->d.sign->md_algs; 275 os = PKCS7_get_octet_string(p7->d.sign->contents); 276 break; 277 case NID_pkcs7_signedAndEnveloped: 278 rsk=p7->d.signed_and_enveloped->recipientinfo; 279 md_sk=p7->d.signed_and_enveloped->md_algs; 280 xalg=p7->d.signed_and_enveloped->enc_data->algorithm; 281 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; 282 if (evp_cipher == NULL) 283 { 284 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 285 PKCS7_R_CIPHER_NOT_INITIALIZED); 286 goto err; 287 } 288 break; 289 case NID_pkcs7_enveloped: 290 rsk=p7->d.enveloped->recipientinfo; 291 xalg=p7->d.enveloped->enc_data->algorithm; 292 evp_cipher=p7->d.enveloped->enc_data->cipher; 293 if (evp_cipher == NULL) 294 { 295 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 296 PKCS7_R_CIPHER_NOT_INITIALIZED); 297 goto err; 298 } 299 break; 300 case NID_pkcs7_digest: 301 xa = p7->d.digest->md; 302 os = PKCS7_get_octet_string(p7->d.digest->contents); 303 break; 304 case NID_pkcs7_data: 305 break; 306 default: 307 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 308 goto err; 309 } 310 311 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 312 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) 313 goto err; 314 315 if (xa && !PKCS7_bio_add_digest(&out, xa)) 316 goto err; 317 318 if (evp_cipher != NULL) 319 { 320 unsigned char key[EVP_MAX_KEY_LENGTH]; 321 unsigned char iv[EVP_MAX_IV_LENGTH]; 322 int keylen,ivlen; 323 EVP_CIPHER_CTX *ctx; 324 325 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 326 { 327 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); 328 goto err; 329 } 330 BIO_get_cipher_ctx(btmp, &ctx); 331 keylen=EVP_CIPHER_key_length(evp_cipher); 332 ivlen=EVP_CIPHER_iv_length(evp_cipher); 333 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 334 if (ivlen > 0) 335 if (RAND_pseudo_bytes(iv,ivlen) <= 0) 336 goto err; 337 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) 338 goto err; 339 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) 340 goto err; 341 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) 342 goto err; 343 344 if (ivlen > 0) { 345 if (xalg->parameter == NULL) { 346 xalg->parameter = ASN1_TYPE_new(); 347 if (xalg->parameter == NULL) 348 goto err; 349 } 350 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 351 goto err; 352 } 353 354 /* Lets do the pub key stuff :-) */ 355 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 356 { 357 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 358 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) 359 goto err; 360 } 361 OPENSSL_cleanse(key, keylen); 362 363 if (out == NULL) 364 out=btmp; 365 else 366 BIO_push(out,btmp); 367 btmp=NULL; 368 } 369 370 if (bio == NULL) 371 { 372 if (PKCS7_is_detached(p7)) 373 bio=BIO_new(BIO_s_null()); 374 else if (os && os->length > 0) 375 bio = BIO_new_mem_buf(os->data, os->length); 376 if(bio == NULL) 377 { 378 bio=BIO_new(BIO_s_mem()); 379 if (bio == NULL) 380 goto err; 381 BIO_set_mem_eof_return(bio,0); 382 } 383 } 384 if (out) 385 BIO_push(out,bio); 386 else 387 out = bio; 388 bio=NULL; 389 if (0) 390 { 391 err: 392 if (out != NULL) 393 BIO_free_all(out); 394 if (btmp != NULL) 395 BIO_free_all(btmp); 396 out=NULL; 397 } 398 return(out); 399 } 400 401 static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) 402 { 403 int ret; 404 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, 405 pcert->cert_info->issuer); 406 if (ret) 407 return ret; 408 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, 409 ri->issuer_and_serial->serial); 410 } 411 412 /* int */ 413 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 414 { 415 int i,j; 416 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; 417 X509_ALGOR *xa; 418 ASN1_OCTET_STRING *data_body=NULL; 419 const EVP_MD *evp_md; 420 const EVP_CIPHER *evp_cipher=NULL; 421 EVP_CIPHER_CTX *evp_ctx=NULL; 422 X509_ALGOR *enc_alg=NULL; 423 STACK_OF(X509_ALGOR) *md_sk=NULL; 424 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 425 X509_ALGOR *xalg=NULL; 426 PKCS7_RECIP_INFO *ri=NULL; 427 428 i=OBJ_obj2nid(p7->type); 429 p7->state=PKCS7_S_HEADER; 430 431 switch (i) 432 { 433 case NID_pkcs7_signed: 434 data_body=PKCS7_get_octet_string(p7->d.sign->contents); 435 md_sk=p7->d.sign->md_algs; 436 break; 437 case NID_pkcs7_signedAndEnveloped: 438 rsk=p7->d.signed_and_enveloped->recipientinfo; 439 md_sk=p7->d.signed_and_enveloped->md_algs; 440 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 441 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 442 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 443 if (evp_cipher == NULL) 444 { 445 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 446 goto err; 447 } 448 xalg=p7->d.signed_and_enveloped->enc_data->algorithm; 449 break; 450 case NID_pkcs7_enveloped: 451 rsk=p7->d.enveloped->recipientinfo; 452 enc_alg=p7->d.enveloped->enc_data->algorithm; 453 data_body=p7->d.enveloped->enc_data->enc_data; 454 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 455 if (evp_cipher == NULL) 456 { 457 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 458 goto err; 459 } 460 xalg=p7->d.enveloped->enc_data->algorithm; 461 break; 462 default: 463 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 464 goto err; 465 } 466 467 /* We will be checking the signature */ 468 if (md_sk != NULL) 469 { 470 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 471 { 472 xa=sk_X509_ALGOR_value(md_sk,i); 473 if ((btmp=BIO_new(BIO_f_md())) == NULL) 474 { 475 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); 476 goto err; 477 } 478 479 j=OBJ_obj2nid(xa->algorithm); 480 evp_md=EVP_get_digestbynid(j); 481 if (evp_md == NULL) 482 { 483 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); 484 goto err; 485 } 486 487 BIO_set_md(btmp,evp_md); 488 if (out == NULL) 489 out=btmp; 490 else 491 BIO_push(out,btmp); 492 btmp=NULL; 493 } 494 } 495 496 if (evp_cipher != NULL) 497 { 498 #if 0 499 unsigned char key[EVP_MAX_KEY_LENGTH]; 500 unsigned char iv[EVP_MAX_IV_LENGTH]; 501 unsigned char *p; 502 int keylen,ivlen; 503 int max; 504 X509_OBJECT ret; 505 #endif 506 unsigned char *ek = NULL; 507 int eklen; 508 509 if ((etmp=BIO_new(BIO_f_cipher())) == NULL) 510 { 511 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); 512 goto err; 513 } 514 515 /* It was encrypted, we need to decrypt the secret key 516 * with the private key */ 517 518 /* Find the recipientInfo which matches the passed certificate 519 * (if any) 520 */ 521 522 if (pcert) 523 { 524 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 525 { 526 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 527 if (!pkcs7_cmp_ri(ri, pcert)) 528 break; 529 ri=NULL; 530 } 531 if (ri == NULL) 532 { 533 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 534 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 535 goto err; 536 } 537 } 538 539 /* If we haven't got a certificate try each ri in turn */ 540 541 if (pcert == NULL) 542 { 543 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 544 { 545 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 546 if (pkcs7_decrypt_rinfo(&ek, &eklen, 547 ri, pkey) > 0) 548 break; 549 ERR_clear_error(); 550 ri = NULL; 551 } 552 if (ri == NULL) 553 { 554 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 555 PKCS7_R_NO_RECIPIENT_MATCHES_KEY); 556 goto err; 557 } 558 } 559 else 560 { 561 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0) 562 goto err; 563 } 564 565 evp_ctx=NULL; 566 BIO_get_cipher_ctx(etmp,&evp_ctx); 567 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) 568 goto err; 569 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 570 goto err; 571 572 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { 573 /* Some S/MIME clients don't use the same key 574 * and effective key length. The key length is 575 * determined by the size of the decrypted RSA key. 576 */ 577 if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) 578 { 579 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 580 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); 581 goto err; 582 } 583 } 584 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) 585 goto err; 586 587 if (ek) 588 { 589 OPENSSL_cleanse(ek,eklen); 590 OPENSSL_free(ek); 591 } 592 593 if (out == NULL) 594 out=etmp; 595 else 596 BIO_push(out,etmp); 597 etmp=NULL; 598 } 599 600 #if 1 601 if (PKCS7_is_detached(p7) || (in_bio != NULL)) 602 { 603 bio=in_bio; 604 } 605 else 606 { 607 #if 0 608 bio=BIO_new(BIO_s_mem()); 609 /* We need to set this so that when we have read all 610 * the data, the encrypt BIO, if present, will read 611 * EOF and encode the last few bytes */ 612 BIO_set_mem_eof_return(bio,0); 613 614 if (data_body->length > 0) 615 BIO_write(bio,(char *)data_body->data,data_body->length); 616 #else 617 if (data_body->length > 0) 618 bio = BIO_new_mem_buf(data_body->data,data_body->length); 619 else { 620 bio=BIO_new(BIO_s_mem()); 621 BIO_set_mem_eof_return(bio,0); 622 } 623 if (bio == NULL) 624 goto err; 625 #endif 626 } 627 BIO_push(out,bio); 628 bio=NULL; 629 #endif 630 if (0) 631 { 632 err: 633 if (out != NULL) BIO_free_all(out); 634 if (btmp != NULL) BIO_free_all(btmp); 635 if (etmp != NULL) BIO_free_all(etmp); 636 if (bio != NULL) BIO_free_all(bio); 637 out=NULL; 638 } 639 return(out); 640 } 641 642 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) 643 { 644 for (;;) 645 { 646 bio=BIO_find_type(bio,BIO_TYPE_MD); 647 if (bio == NULL) 648 { 649 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 650 return NULL; 651 } 652 BIO_get_md_ctx(bio,pmd); 653 if (*pmd == NULL) 654 { 655 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); 656 return NULL; 657 } 658 if (EVP_MD_CTX_type(*pmd) == nid) 659 return bio; 660 bio=BIO_next(bio); 661 } 662 return NULL; 663 } 664 665 static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) 666 { 667 unsigned char md_data[EVP_MAX_MD_SIZE]; 668 unsigned int md_len; 669 670 /* Add signing time if not already present */ 671 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) 672 { 673 if (!PKCS7_add0_attrib_signing_time(si, NULL)) 674 { 675 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 676 ERR_R_MALLOC_FAILURE); 677 return 0; 678 } 679 } 680 681 /* Add digest */ 682 if (!EVP_DigestFinal_ex(mctx, md_data,&md_len)) 683 { 684 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB); 685 return 0; 686 } 687 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) 688 { 689 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); 690 return 0; 691 } 692 693 /* Now sign the attributes */ 694 if (!PKCS7_SIGNER_INFO_sign(si)) 695 return 0; 696 697 return 1; 698 } 699 700 701 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 702 { 703 int ret=0; 704 int i,j; 705 BIO *btmp; 706 PKCS7_SIGNER_INFO *si; 707 EVP_MD_CTX *mdc,ctx_tmp; 708 STACK_OF(X509_ATTRIBUTE) *sk; 709 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; 710 ASN1_OCTET_STRING *os=NULL; 711 712 EVP_MD_CTX_init(&ctx_tmp); 713 i=OBJ_obj2nid(p7->type); 714 p7->state=PKCS7_S_HEADER; 715 716 switch (i) 717 { 718 case NID_pkcs7_data: 719 os = p7->d.data; 720 break; 721 case NID_pkcs7_signedAndEnveloped: 722 /* XXXXXXXXXXXXXXXX */ 723 si_sk=p7->d.signed_and_enveloped->signer_info; 724 os = p7->d.signed_and_enveloped->enc_data->enc_data; 725 if (!os) 726 { 727 os=M_ASN1_OCTET_STRING_new(); 728 if (!os) 729 { 730 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 731 goto err; 732 } 733 p7->d.signed_and_enveloped->enc_data->enc_data=os; 734 } 735 break; 736 case NID_pkcs7_enveloped: 737 /* XXXXXXXXXXXXXXXX */ 738 os = p7->d.enveloped->enc_data->enc_data; 739 if (!os) 740 { 741 os=M_ASN1_OCTET_STRING_new(); 742 if (!os) 743 { 744 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 745 goto err; 746 } 747 p7->d.enveloped->enc_data->enc_data=os; 748 } 749 break; 750 case NID_pkcs7_signed: 751 si_sk=p7->d.sign->signer_info; 752 os=PKCS7_get_octet_string(p7->d.sign->contents); 753 /* If detached data then the content is excluded */ 754 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { 755 M_ASN1_OCTET_STRING_free(os); 756 p7->d.sign->contents->d.data = NULL; 757 } 758 break; 759 760 case NID_pkcs7_digest: 761 os=PKCS7_get_octet_string(p7->d.digest->contents); 762 /* If detached data then the content is excluded */ 763 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) 764 { 765 M_ASN1_OCTET_STRING_free(os); 766 p7->d.digest->contents->d.data = NULL; 767 } 768 break; 769 770 default: 771 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 772 goto err; 773 } 774 775 if (si_sk != NULL) 776 { 777 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 778 { 779 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i); 780 if (si->pkey == NULL) 781 continue; 782 783 j = OBJ_obj2nid(si->digest_alg->algorithm); 784 785 btmp=bio; 786 787 btmp = PKCS7_find_digest(&mdc, btmp, j); 788 789 if (btmp == NULL) 790 goto err; 791 792 /* We now have the EVP_MD_CTX, lets do the 793 * signing. */ 794 if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc)) 795 goto err; 796 797 sk=si->auth_attr; 798 799 /* If there are attributes, we add the digest 800 * attribute and only sign the attributes */ 801 if (sk_X509_ATTRIBUTE_num(sk) > 0) 802 { 803 if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) 804 goto err; 805 } 806 else 807 { 808 unsigned char *abuf = NULL; 809 unsigned int abuflen; 810 abuflen = EVP_PKEY_size(si->pkey); 811 abuf = OPENSSL_malloc(abuflen); 812 if (!abuf) 813 goto err; 814 815 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, 816 si->pkey)) 817 { 818 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 819 ERR_R_EVP_LIB); 820 goto err; 821 } 822 ASN1_STRING_set0(si->enc_digest, abuf, abuflen); 823 } 824 } 825 } 826 else if (i == NID_pkcs7_digest) 827 { 828 unsigned char md_data[EVP_MAX_MD_SIZE]; 829 unsigned int md_len; 830 if (!PKCS7_find_digest(&mdc, bio, 831 OBJ_obj2nid(p7->d.digest->md->algorithm))) 832 goto err; 833 if (!EVP_DigestFinal_ex(mdc,md_data,&md_len)) 834 goto err; 835 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); 836 } 837 838 if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) 839 { 840 char *cont; 841 long contlen; 842 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 843 if (btmp == NULL) 844 { 845 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 846 goto err; 847 } 848 contlen = BIO_get_mem_data(btmp, &cont); 849 /* Mark the BIO read only then we can use its copy of the data 850 * instead of making an extra copy. 851 */ 852 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); 853 BIO_set_mem_eof_return(btmp, 0); 854 ASN1_STRING_set0(os, (unsigned char *)cont, contlen); 855 } 856 ret=1; 857 err: 858 EVP_MD_CTX_cleanup(&ctx_tmp); 859 return(ret); 860 } 861 862 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) 863 { 864 EVP_MD_CTX mctx; 865 EVP_PKEY_CTX *pctx; 866 unsigned char *abuf = NULL; 867 int alen; 868 size_t siglen; 869 const EVP_MD *md = NULL; 870 871 md = EVP_get_digestbyobj(si->digest_alg->algorithm); 872 if (md == NULL) 873 return 0; 874 875 EVP_MD_CTX_init(&mctx); 876 if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) 877 goto err; 878 879 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 880 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) 881 { 882 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 883 goto err; 884 } 885 886 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, 887 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); 888 if(!abuf) 889 goto err; 890 if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) 891 goto err; 892 OPENSSL_free(abuf); 893 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) 894 goto err; 895 abuf = OPENSSL_malloc(siglen); 896 if(!abuf) 897 goto err; 898 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) 899 goto err; 900 901 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 902 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) 903 { 904 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 905 goto err; 906 } 907 908 EVP_MD_CTX_cleanup(&mctx); 909 910 ASN1_STRING_set0(si->enc_digest, abuf, siglen); 911 912 return 1; 913 914 err: 915 if (abuf) 916 OPENSSL_free(abuf); 917 EVP_MD_CTX_cleanup(&mctx); 918 return 0; 919 920 } 921 922 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, 923 PKCS7 *p7, PKCS7_SIGNER_INFO *si) 924 { 925 PKCS7_ISSUER_AND_SERIAL *ias; 926 int ret=0,i; 927 STACK_OF(X509) *cert; 928 X509 *x509; 929 930 if (PKCS7_type_is_signed(p7)) 931 { 932 cert=p7->d.sign->cert; 933 } 934 else if (PKCS7_type_is_signedAndEnveloped(p7)) 935 { 936 cert=p7->d.signed_and_enveloped->cert; 937 } 938 else 939 { 940 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); 941 goto err; 942 } 943 /* XXXXXXXXXXXXXXXXXXXXXXX */ 944 ias=si->issuer_and_serial; 945 946 x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); 947 948 /* were we able to find the cert in passed to us */ 949 if (x509 == NULL) 950 { 951 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); 952 goto err; 953 } 954 955 /* Lets verify */ 956 if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) 957 { 958 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); 959 goto err; 960 } 961 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); 962 i=X509_verify_cert(ctx); 963 if (i <= 0) 964 { 965 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); 966 X509_STORE_CTX_cleanup(ctx); 967 goto err; 968 } 969 X509_STORE_CTX_cleanup(ctx); 970 971 return PKCS7_signatureVerify(bio, p7, si, x509); 972 err: 973 return ret; 974 } 975 976 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, 977 X509 *x509) 978 { 979 ASN1_OCTET_STRING *os; 980 EVP_MD_CTX mdc_tmp,*mdc; 981 int ret=0,i; 982 int md_type; 983 STACK_OF(X509_ATTRIBUTE) *sk; 984 BIO *btmp; 985 EVP_PKEY *pkey; 986 987 EVP_MD_CTX_init(&mdc_tmp); 988 989 if (!PKCS7_type_is_signed(p7) && 990 !PKCS7_type_is_signedAndEnveloped(p7)) { 991 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 992 PKCS7_R_WRONG_PKCS7_TYPE); 993 goto err; 994 } 995 996 md_type=OBJ_obj2nid(si->digest_alg->algorithm); 997 998 btmp=bio; 999 for (;;) 1000 { 1001 if ((btmp == NULL) || 1002 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) 1003 { 1004 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1005 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1006 goto err; 1007 } 1008 BIO_get_md_ctx(btmp,&mdc); 1009 if (mdc == NULL) 1010 { 1011 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1012 ERR_R_INTERNAL_ERROR); 1013 goto err; 1014 } 1015 if (EVP_MD_CTX_type(mdc) == md_type) 1016 break; 1017 /* Workaround for some broken clients that put the signature 1018 * OID instead of the digest OID in digest_alg->algorithm 1019 */ 1020 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) 1021 break; 1022 btmp=BIO_next(btmp); 1023 } 1024 1025 /* mdc is the digest ctx that we want, unless there are attributes, 1026 * in which case the digest is the signed attributes */ 1027 if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc)) 1028 goto err; 1029 1030 sk=si->auth_attr; 1031 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) 1032 { 1033 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; 1034 unsigned int md_len; 1035 int alen; 1036 ASN1_OCTET_STRING *message_digest; 1037 1038 if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len)) 1039 goto err; 1040 message_digest=PKCS7_digest_from_attributes(sk); 1041 if (!message_digest) 1042 { 1043 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1044 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1045 goto err; 1046 } 1047 if ((message_digest->length != (int)md_len) || 1048 (memcmp(message_digest->data,md_dat,md_len))) 1049 { 1050 #if 0 1051 { 1052 int ii; 1053 for (ii=0; ii<message_digest->length; ii++) 1054 printf("%02X",message_digest->data[ii]); printf(" sent\n"); 1055 for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); 1056 } 1057 #endif 1058 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1059 PKCS7_R_DIGEST_FAILURE); 1060 ret= -1; 1061 goto err; 1062 } 1063 1064 if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL)) 1065 goto err; 1066 1067 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 1068 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); 1069 if (alen <= 0) 1070 { 1071 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB); 1072 ret = -1; 1073 goto err; 1074 } 1075 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen)) 1076 goto err; 1077 1078 OPENSSL_free(abuf); 1079 } 1080 1081 os=si->enc_digest; 1082 pkey = X509_get_pubkey(x509); 1083 if (!pkey) 1084 { 1085 ret = -1; 1086 goto err; 1087 } 1088 1089 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 1090 EVP_PKEY_free(pkey); 1091 if (i <= 0) 1092 { 1093 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1094 PKCS7_R_SIGNATURE_FAILURE); 1095 ret= -1; 1096 goto err; 1097 } 1098 else 1099 ret=1; 1100 err: 1101 EVP_MD_CTX_cleanup(&mdc_tmp); 1102 return(ret); 1103 } 1104 1105 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) 1106 { 1107 STACK_OF(PKCS7_RECIP_INFO) *rsk; 1108 PKCS7_RECIP_INFO *ri; 1109 int i; 1110 1111 i=OBJ_obj2nid(p7->type); 1112 if (i != NID_pkcs7_signedAndEnveloped) 1113 return NULL; 1114 if (p7->d.signed_and_enveloped == NULL) 1115 return NULL; 1116 rsk=p7->d.signed_and_enveloped->recipientinfo; 1117 if (rsk == NULL) 1118 return NULL; 1119 ri=sk_PKCS7_RECIP_INFO_value(rsk,0); 1120 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); 1121 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); 1122 return(ri->issuer_and_serial); 1123 } 1124 1125 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) 1126 { 1127 return(get_attribute(si->auth_attr,nid)); 1128 } 1129 1130 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) 1131 { 1132 return(get_attribute(si->unauth_attr,nid)); 1133 } 1134 1135 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) 1136 { 1137 int i; 1138 X509_ATTRIBUTE *xa; 1139 ASN1_OBJECT *o; 1140 1141 o=OBJ_nid2obj(nid); 1142 if (!o || !sk) return(NULL); 1143 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1144 { 1145 xa=sk_X509_ATTRIBUTE_value(sk,i); 1146 if (OBJ_cmp(xa->object,o) == 0) 1147 { 1148 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) 1149 return(sk_ASN1_TYPE_value(xa->value.set,0)); 1150 else 1151 return(NULL); 1152 } 1153 } 1154 return(NULL); 1155 } 1156 1157 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) 1158 { 1159 ASN1_TYPE *astype; 1160 if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; 1161 return astype->value.octet_string; 1162 } 1163 1164 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, 1165 STACK_OF(X509_ATTRIBUTE) *sk) 1166 { 1167 int i; 1168 1169 if (p7si->auth_attr != NULL) 1170 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); 1171 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); 1172 if (p7si->auth_attr == NULL) 1173 return 0; 1174 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1175 { 1176 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, 1177 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) 1178 == NULL) 1179 return(0); 1180 } 1181 return(1); 1182 } 1183 1184 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) 1185 { 1186 int i; 1187 1188 if (p7si->unauth_attr != NULL) 1189 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, 1190 X509_ATTRIBUTE_free); 1191 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); 1192 if (p7si->unauth_attr == NULL) 1193 return 0; 1194 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1195 { 1196 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, 1197 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) 1198 == NULL) 1199 return(0); 1200 } 1201 return(1); 1202 } 1203 1204 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1205 void *value) 1206 { 1207 return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); 1208 } 1209 1210 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1211 void *value) 1212 { 1213 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); 1214 } 1215 1216 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 1217 void *value) 1218 { 1219 X509_ATTRIBUTE *attr=NULL; 1220 1221 if (*sk == NULL) 1222 { 1223 *sk = sk_X509_ATTRIBUTE_new_null(); 1224 if (*sk == NULL) 1225 return 0; 1226 new_attrib: 1227 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) 1228 return 0; 1229 if (!sk_X509_ATTRIBUTE_push(*sk,attr)) 1230 { 1231 X509_ATTRIBUTE_free(attr); 1232 return 0; 1233 } 1234 } 1235 else 1236 { 1237 int i; 1238 1239 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) 1240 { 1241 attr=sk_X509_ATTRIBUTE_value(*sk,i); 1242 if (OBJ_obj2nid(attr->object) == nid) 1243 { 1244 X509_ATTRIBUTE_free(attr); 1245 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1246 if (attr == NULL) 1247 return 0; 1248 if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) 1249 { 1250 X509_ATTRIBUTE_free(attr); 1251 return 0; 1252 } 1253 goto end; 1254 } 1255 } 1256 goto new_attrib; 1257 } 1258 end: 1259 return(1); 1260 } 1261 1262