search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
import libcrypto (LibreSSL 2.5.2)
[unleashed.git] / lib / libcrypto / pkcs7 / pk7_doit.c
blob484620a68631b2e6173252714cec3ce262bc3be8
1 /* $OpenBSD: pk7_doit.c,v 1.41 2017/01/29 17:49:23 beck Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 #include <stdio.h>
60 #include <stdlib.h>
61 #include <string.h>
62
63 #include <openssl/err.h>
64 #include <openssl/objects.h>
65 #include <openssl/x509.h>
66 #include <openssl/x509v3.h>
67
68 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
69 void *value);
70 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
71
72 static int
73 PKCS7_type_is_other(PKCS7* p7)
74 {
75 int isOther = 1;
76
77 int nid = OBJ_obj2nid(p7->type);
78
79 switch (nid ) {
80 case NID_pkcs7_data:
81 case NID_pkcs7_signed:
82 case NID_pkcs7_enveloped:
83 case NID_pkcs7_signedAndEnveloped:
84 case NID_pkcs7_digest:
85 case NID_pkcs7_encrypted:
86 isOther = 0;
87 break;
88 default:
89 isOther = 1;
90 }
91
92 return isOther;
93
94 }
95
96 static ASN1_OCTET_STRING *
97 PKCS7_get_octet_string(PKCS7 *p7)
98 {
99 if (PKCS7_type_is_data(p7))
100 return p7->d.data;
101 if (PKCS7_type_is_other(p7) && p7->d.other &&
102 (p7->d.other->type == V_ASN1_OCTET_STRING))
103 return p7->d.other->value.octet_string;
104 return NULL;
105 }
106
107 static int
108 PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
109 {
110 BIO *btmp;
111 const EVP_MD *md;
112 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
113 PKCS7error(ERR_R_BIO_LIB);
114 goto err;
115 }
116
117 md = EVP_get_digestbyobj(alg->algorithm);
118 if (md == NULL) {
119 PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
120 goto err;
121 }
122
123 BIO_set_md(btmp, md);
124 if (*pbio == NULL)
125 *pbio = btmp;
126 else if (!BIO_push(*pbio, btmp)) {
127 PKCS7error(ERR_R_BIO_LIB);
128 goto err;
129 }
130 btmp = NULL;
131
132 return 1;
133
134 err:
135 BIO_free(btmp);
136 return 0;
137
138 }
139
140 static int
141 pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, unsigned char *key, int keylen)
142 {
143 EVP_PKEY_CTX *pctx = NULL;
144 EVP_PKEY *pkey = NULL;
145 unsigned char *ek = NULL;
146 int ret = 0;
147 size_t eklen;
148
149 pkey = X509_get_pubkey(ri->cert);
150 if (!pkey)
151 return 0;
152
153 pctx = EVP_PKEY_CTX_new(pkey, NULL);
154 if (!pctx)
155 return 0;
156
157 if (EVP_PKEY_encrypt_init(pctx) <= 0)
158 goto err;
159
160 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
161 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
162 PKCS7error(PKCS7_R_CTRL_ERROR);
163 goto err;
164 }
165
166 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
167 goto err;
168
169 ek = malloc(eklen);
170
171 if (ek == NULL) {
172 PKCS7error(ERR_R_MALLOC_FAILURE);
173 goto err;
174 }
175
176 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
177 goto err;
178
179 ASN1_STRING_set0(ri->enc_key, ek, eklen);
180 ek = NULL;
181
182 ret = 1;
183
184 err:
185 EVP_PKEY_free(pkey);
186 EVP_PKEY_CTX_free(pctx);
187 free(ek);
188 return ret;
189 }
190
191
192 static int
193 pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, PKCS7_RECIP_INFO *ri,
194 EVP_PKEY *pkey)
195 {
196 EVP_PKEY_CTX *pctx = NULL;
197 unsigned char *ek = NULL;
198 size_t eklen;
199
200 int ret = -1;
201
202 pctx = EVP_PKEY_CTX_new(pkey, NULL);
203 if (!pctx)
204 return -1;
205
206 if (EVP_PKEY_decrypt_init(pctx) <= 0)
207 goto err;
208
209 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
210 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
211 PKCS7error(PKCS7_R_CTRL_ERROR);
212 goto err;
213 }
214
215 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
216 ri->enc_key->data, ri->enc_key->length) <= 0)
217 goto err;
218
219 ek = malloc(eklen);
220 if (ek == NULL) {
221 PKCS7error(ERR_R_MALLOC_FAILURE);
222 goto err;
223 }
224
225 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
226 ri->enc_key->data, ri->enc_key->length) <= 0) {
227 ret = 0;
228 PKCS7error(ERR_R_EVP_LIB);
229 goto err;
230 }
231
232 ret = 1;
233
234 if (*pek) {
235 explicit_bzero(*pek, *peklen);
236 free(*pek);
237 }
238
239 *pek = ek;
240 *peklen = eklen;
241
242 err:
243 EVP_PKEY_CTX_free(pctx);
244 if (!ret && ek)
245 free(ek);
246
247 return ret;
248 }
249
250 BIO *
251 PKCS7_dataInit(PKCS7 *p7, BIO *bio)
252 {
253 int i;
254 BIO *out = NULL, *btmp = NULL;
255 X509_ALGOR *xa = NULL;
256 const EVP_CIPHER *evp_cipher = NULL;
257 STACK_OF(X509_ALGOR) *md_sk = NULL;
258 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
259 X509_ALGOR *xalg = NULL;
260 PKCS7_RECIP_INFO *ri = NULL;
261 ASN1_OCTET_STRING *os = NULL;
262
263 if (p7 == NULL) {
264 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
265 return NULL;
266 }
267
268 /*
269 * The content field in the PKCS7 ContentInfo is optional,
270 * but that really only applies to inner content (precisely,
271 * detached signatures).
272 *
273 * When reading content, missing outer content is therefore
274 * treated as an error.
275 *
276 * When creating content, PKCS7_content_new() must be called
277 * before calling this method, so a NULL p7->d is always
278 * an error.
279 */
280 if (p7->d.ptr == NULL) {
281 PKCS7error(PKCS7_R_NO_CONTENT);
282 return NULL;
283 }
284
285 i = OBJ_obj2nid(p7->type);
286 p7->state = PKCS7_S_HEADER;
287
288 switch (i) {
289 case NID_pkcs7_signed:
290 md_sk = p7->d.sign->md_algs;
291 os = PKCS7_get_octet_string(p7->d.sign->contents);
292 break;
293 case NID_pkcs7_signedAndEnveloped:
294 rsk = p7->d.signed_and_enveloped->recipientinfo;
295 md_sk = p7->d.signed_and_enveloped->md_algs;
296 xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
297 evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
298 if (evp_cipher == NULL) {
299 PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
300 goto err;
301 }
302 break;
303 case NID_pkcs7_enveloped:
304 rsk = p7->d.enveloped->recipientinfo;
305 xalg = p7->d.enveloped->enc_data->algorithm;
306 evp_cipher = p7->d.enveloped->enc_data->cipher;
307 if (evp_cipher == NULL) {
308 PKCS7error(PKCS7_R_CIPHER_NOT_INITIALIZED);
309 goto err;
310 }
311 break;
312 case NID_pkcs7_digest:
313 xa = p7->d.digest->md;
314 os = PKCS7_get_octet_string(p7->d.digest->contents);
315 break;
316 case NID_pkcs7_data:
317 break;
318 default:
319 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
320 goto err;
321 }
322
323 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
324 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
325 goto err;
326
327 if (xa && !PKCS7_bio_add_digest(&out, xa))
328 goto err;
329
330 if (evp_cipher != NULL) {
331 unsigned char key[EVP_MAX_KEY_LENGTH];
332 unsigned char iv[EVP_MAX_IV_LENGTH];
333 int keylen, ivlen;
334 EVP_CIPHER_CTX *ctx;
335
336 if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
337 PKCS7error(ERR_R_BIO_LIB);
338 goto err;
339 }
340 BIO_get_cipher_ctx(btmp, &ctx);
341 keylen = EVP_CIPHER_key_length(evp_cipher);
342 ivlen = EVP_CIPHER_iv_length(evp_cipher);
343 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
344 if (ivlen > 0)
345 arc4random_buf(iv, ivlen);
346 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL,
347 NULL, 1) <= 0)
348 goto err;
349 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
350 goto err;
351 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
352 goto err;
353
354 if (ivlen > 0) {
355 if (xalg->parameter == NULL) {
356 xalg->parameter = ASN1_TYPE_new();
357 if (xalg->parameter == NULL)
358 goto err;
359 }
360 if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
361 goto err;
362 }
363
364 /* Lets do the pub key stuff :-) */
365 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
366 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
367 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
368 goto err;
369 }
370 explicit_bzero(key, keylen);
371
372 if (out == NULL)
373 out = btmp;
374 else
375 BIO_push(out, btmp);
376 btmp = NULL;
377 }
378
379 if (bio == NULL) {
380 if (PKCS7_is_detached(p7))
381 bio = BIO_new(BIO_s_null());
382 else if (os && os->length > 0)
383 bio = BIO_new_mem_buf(os->data, os->length);
384 if (bio == NULL) {
385 bio = BIO_new(BIO_s_mem());
386 if (bio == NULL)
387 goto err;
388 BIO_set_mem_eof_return(bio, 0);
389 }
390 }
391 if (out)
392 BIO_push(out, bio);
393 else
394 out = bio;
395 bio = NULL;
396 if (0) {
397 err:
398 if (out != NULL)
399 BIO_free_all(out);
400 if (btmp != NULL)
401 BIO_free_all(btmp);
402 out = NULL;
403 }
404 return (out);
405 }
406
407 static int
408 pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
409 {
410 int ret;
411
412 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
413 pcert->cert_info->issuer);
414 if (ret)
415 return ret;
416 return ASN1_STRING_cmp(pcert->cert_info->serialNumber,
417 ri->issuer_and_serial->serial);
418 }
419
420 /* int */
421 BIO *
422 PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
423 {
424 int i, j;
425 BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
426 X509_ALGOR *xa;
427 ASN1_OCTET_STRING *data_body = NULL;
428 const EVP_MD *evp_md;
429 const EVP_CIPHER *evp_cipher = NULL;
430 EVP_CIPHER_CTX *evp_ctx = NULL;
431 X509_ALGOR *enc_alg = NULL;
432 STACK_OF(X509_ALGOR) *md_sk = NULL;
433 STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
434 PKCS7_RECIP_INFO *ri = NULL;
435 unsigned char *ek = NULL, *tkey = NULL;
436 int eklen = 0, tkeylen = 0;
437
438 if (p7 == NULL) {
439 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
440 return NULL;
441 }
442
443 if (p7->d.ptr == NULL) {
444 PKCS7error(PKCS7_R_NO_CONTENT);
445 return NULL;
446 }
447
448 i = OBJ_obj2nid(p7->type);
449 p7->state = PKCS7_S_HEADER;
450
451 switch (i) {
452 case NID_pkcs7_signed:
453 data_body = PKCS7_get_octet_string(p7->d.sign->contents);
454 md_sk = p7->d.sign->md_algs;
455 break;
456 case NID_pkcs7_signedAndEnveloped:
457 rsk = p7->d.signed_and_enveloped->recipientinfo;
458 md_sk = p7->d.signed_and_enveloped->md_algs;
459 data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
460 enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
461 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
462 if (evp_cipher == NULL) {
463 PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
464 goto err;
465 }
466 break;
467 case NID_pkcs7_enveloped:
468 rsk = p7->d.enveloped->recipientinfo;
469 enc_alg = p7->d.enveloped->enc_data->algorithm;
470 data_body = p7->d.enveloped->enc_data->enc_data;
471 evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
472 if (evp_cipher == NULL) {
473 PKCS7error(PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
474 goto err;
475 }
476 break;
477 default:
478 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
479 goto err;
480 }
481
482 /* We will be checking the signature */
483 if (md_sk != NULL) {
484 for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
485 xa = sk_X509_ALGOR_value(md_sk, i);
486 if ((btmp = BIO_new(BIO_f_md())) == NULL) {
487 PKCS7error(ERR_R_BIO_LIB);
488 goto err;
489 }
490
491 j = OBJ_obj2nid(xa->algorithm);
492 evp_md = EVP_get_digestbynid(j);
493 if (evp_md == NULL) {
494 PKCS7error(PKCS7_R_UNKNOWN_DIGEST_TYPE);
495 goto err;
496 }
497
498 BIO_set_md(btmp, evp_md);
499 if (out == NULL)
500 out = btmp;
501 else
502 BIO_push(out, btmp);
503 btmp = NULL;
504 }
505 }
506
507 if (evp_cipher != NULL) {
508 if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
509 PKCS7error(ERR_R_BIO_LIB);
510 goto err;
511 }
512
513 /* It was encrypted, we need to decrypt the secret key
514 * with the private key */
515
516 /* Find the recipientInfo which matches the passed certificate
517 * (if any)
518 */
519 if (pcert) {
520 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
521 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
522 if (!pkcs7_cmp_ri(ri, pcert))
523 break;
524 ri = NULL;
525 }
526 if (ri == NULL) {
527 PKCS7error(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
528 goto err;
529 }
530 }
531
532 /* If we haven't got a certificate try each ri in turn */
533 if (pcert == NULL) {
534 /* Always attempt to decrypt all rinfo even
535 * after sucess as a defence against MMA timing
536 * attacks.
537 */
538 for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
539 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
540
541 if (pkcs7_decrypt_rinfo(&ek, &eklen,
542 ri, pkey) < 0)
543 goto err;
544 ERR_clear_error();
545 }
546 } else {
547 /* Only exit on fatal errors, not decrypt failure */
548 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
549 goto err;
550 ERR_clear_error();
551 }
552
553 evp_ctx = NULL;
554 BIO_get_cipher_ctx(etmp, &evp_ctx);
555 if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL,
556 NULL, 0) <= 0)
557 goto err;
558 if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
559 goto err;
560 /* Generate random key as MMA defence */
561 tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
562 tkey = malloc(tkeylen);
563 if (!tkey)
564 goto err;
565 if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
566 goto err;
567 if (ek == NULL) {
568 ek = tkey;
569 eklen = tkeylen;
570 tkey = NULL;
571 }
572
573 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
574 /* Some S/MIME clients don't use the same key
575 * and effective key length. The key length is
576 * determined by the size of the decrypted RSA key.
577 */
578 if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
579 /* Use random key as MMA defence */
580 explicit_bzero(ek, eklen);
581 free(ek);
582 ek = tkey;
583 eklen = tkeylen;
584 tkey = NULL;
585 }
586 }
587 /* Clear errors so we don't leak information useful in MMA */
588 ERR_clear_error();
589 if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
590 goto err;
591
592 if (ek) {
593 explicit_bzero(ek, eklen);
594 free(ek);
595 ek = NULL;
596 }
597 if (tkey) {
598 explicit_bzero(tkey, tkeylen);
599 free(tkey);
600 tkey = NULL;
601 }
602
603 if (out == NULL)
604 out = etmp;
605 else
606 BIO_push(out, etmp);
607 etmp = NULL;
608 }
609
610 if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
611 bio = in_bio;
612 } else {
613 if (data_body != NULL && data_body->length > 0)
614 bio = BIO_new_mem_buf(data_body->data, data_body->length);
615 else {
616 bio = BIO_new(BIO_s_mem());
617 BIO_set_mem_eof_return(bio, 0);
618 }
619 if (bio == NULL)
620 goto err;
621 }
622 BIO_push(out, bio);
623
624 if (0) {
625 err:
626 if (ek) {
627 explicit_bzero(ek, eklen);
628 free(ek);
629 }
630 if (tkey) {
631 explicit_bzero(tkey, tkeylen);
632 free(tkey);
633 }
634 if (out != NULL)
635 BIO_free_all(out);
636 if (btmp != NULL)
637 BIO_free_all(btmp);
638 if (etmp != NULL)
639 BIO_free_all(etmp);
640 out = NULL;
641 }
642 return (out);
643 }
644
645 static BIO *
646 PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
647 {
648 for (;;) {
649 bio = BIO_find_type(bio, BIO_TYPE_MD);
650 if (bio == NULL) {
651 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
652 return NULL;
653 }
654 BIO_get_md_ctx(bio, pmd);
655 if (*pmd == NULL) {
656 PKCS7error(ERR_R_INTERNAL_ERROR);
657 return NULL;
658 }
659 if (EVP_MD_CTX_type(*pmd) == nid)
660 return bio;
661 bio = BIO_next(bio);
662 }
663 return NULL;
664 }
665
666 static int
667 do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
668 {
669 unsigned char md_data[EVP_MAX_MD_SIZE];
670 unsigned int md_len;
671
672 /* Add signing time if not already present */
673 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
674 if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
675 PKCS7error(ERR_R_MALLOC_FAILURE);
676 return 0;
677 }
678 }
679
680 /* Add digest */
681 if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
682 PKCS7error(ERR_R_EVP_LIB);
683 return 0;
684 }
685 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
686 PKCS7error(ERR_R_MALLOC_FAILURE);
687 return 0;
688 }
689
690 /* Now sign the attributes */
691 if (!PKCS7_SIGNER_INFO_sign(si))
692 return 0;
693
694 return 1;
695 }
696
697
698 int
699 PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
700 {
701 int ret = 0;
702 int i, j;
703 BIO *btmp;
704 PKCS7_SIGNER_INFO *si;
705 EVP_MD_CTX *mdc, ctx_tmp;
706 STACK_OF(X509_ATTRIBUTE) *sk;
707 STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
708 ASN1_OCTET_STRING *os = NULL;
709
710 if (p7 == NULL) {
711 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
712 return 0;
713 }
714
715 if (p7->d.ptr == NULL) {
716 PKCS7error(PKCS7_R_NO_CONTENT);
717 return 0;
718 }
719
720 EVP_MD_CTX_init(&ctx_tmp);
721 i = OBJ_obj2nid(p7->type);
722 p7->state = PKCS7_S_HEADER;
723
724 switch (i) {
725 case NID_pkcs7_data:
726 os = p7->d.data;
727 break;
728 case NID_pkcs7_signedAndEnveloped:
729 /* XXX */
730 si_sk = p7->d.signed_and_enveloped->signer_info;
731 os = p7->d.signed_and_enveloped->enc_data->enc_data;
732 if (!os) {
733 os = ASN1_OCTET_STRING_new();
734 if (!os) {
735 PKCS7error(ERR_R_MALLOC_FAILURE);
736 goto err;
737 }
738 p7->d.signed_and_enveloped->enc_data->enc_data = os;
739 }
740 break;
741 case NID_pkcs7_enveloped:
742 /* XXX */
743 os = p7->d.enveloped->enc_data->enc_data;
744 if (!os) {
745 os = ASN1_OCTET_STRING_new();
746 if (!os) {
747 PKCS7error(ERR_R_MALLOC_FAILURE);
748 goto err;
749 }
750 p7->d.enveloped->enc_data->enc_data = os;
751 }
752 break;
753 case NID_pkcs7_signed:
754 si_sk = p7->d.sign->signer_info;
755 os = PKCS7_get_octet_string(p7->d.sign->contents);
756 if (!PKCS7_is_detached(p7) && os == NULL) {
757 PKCS7error(PKCS7_R_DECODE_ERROR);
758 goto err;
759 }
760 /* If detached data then the content is excluded */
761 if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
762 ASN1_OCTET_STRING_free(os);
763 os = NULL;
764 p7->d.sign->contents->d.data = NULL;
765 }
766 break;
767
768 case NID_pkcs7_digest:
769 os = PKCS7_get_octet_string(p7->d.digest->contents);
770 if (os == NULL) {
771 PKCS7error(PKCS7_R_DECODE_ERROR);
772 goto err;
773 }
774 /* If detached data then the content is excluded */
775 if (PKCS7_type_is_data(p7->d.digest->contents) &&
776 p7->detached) {
777 ASN1_OCTET_STRING_free(os);
778 os = NULL;
779 p7->d.digest->contents->d.data = NULL;
780 }
781 break;
782
783 default:
784 PKCS7error(PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
785 goto err;
786 }
787
788 if (si_sk != NULL) {
789 for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
790 si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
791 if (si->pkey == NULL)
792 continue;
793
794 j = OBJ_obj2nid(si->digest_alg->algorithm);
795
796 if ((btmp = PKCS7_find_digest(&mdc, bio, j)) == NULL)
797 goto err;
798
799 /* We now have the EVP_MD_CTX, lets do the
800 * signing. */
801 if (!EVP_MD_CTX_copy_ex(&ctx_tmp, mdc))
802 goto err;
803
804 sk = si->auth_attr;
805
806 /* If there are attributes, we add the digest
807 * attribute and only sign the attributes */
808 if (sk_X509_ATTRIBUTE_num(sk) > 0) {
809 if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
810 goto err;
811 } else {
812 unsigned char *abuf = NULL;
813 unsigned int abuflen;
814 abuflen = EVP_PKEY_size(si->pkey);
815 abuf = malloc(abuflen);
816 if (!abuf)
817 goto err;
818
819 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
820 si->pkey)) {
821 PKCS7error(ERR_R_EVP_LIB);
822 goto err;
823 }
824 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
825 }
826 }
827 } else if (i == NID_pkcs7_digest) {
828 unsigned char md_data[EVP_MAX_MD_SIZE];
829 unsigned int md_len;
830
831 if (!PKCS7_find_digest(&mdc, bio,
832 OBJ_obj2nid(p7->d.digest->md->algorithm)))
833 goto err;
834 if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
835 goto err;
836 if (ASN1_STRING_set(p7->d.digest->digest, md_data,
837 md_len) == 0)
838 goto err;
839 }
840
841 if (!PKCS7_is_detached(p7)) {
842 /*
843 * NOTE: only reach os == NULL here because detached
844 * digested data support is broken?
845 */
846 if (os == NULL)
847 goto err;
848 if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
849 char *cont;
850 long contlen;
851
852 btmp = BIO_find_type(bio, BIO_TYPE_MEM);
853 if (btmp == NULL) {
854 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
855 goto err;
856 }
857 contlen = BIO_get_mem_data(btmp, &cont);
858 /*
859 * Mark the BIO read only then we can use its copy
860 * of the data instead of making an extra copy.
861 */
862 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
863 BIO_set_mem_eof_return(btmp, 0);
864 ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
865 }
866 }
867 ret = 1;
868 err:
869 EVP_MD_CTX_cleanup(&ctx_tmp);
870 return (ret);
871 }
872
873 int
874 PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
875 {
876 EVP_MD_CTX mctx;
877 EVP_PKEY_CTX *pctx;
878 unsigned char *abuf = NULL;
879 int alen;
880 size_t siglen;
881 const EVP_MD *md = NULL;
882
883 md = EVP_get_digestbyobj(si->digest_alg->algorithm);
884 if (md == NULL)
885 return 0;
886
887 EVP_MD_CTX_init(&mctx);
888 if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
889 goto err;
890
891 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
892 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
893 PKCS7error(PKCS7_R_CTRL_ERROR);
894 goto err;
895 }
896
897 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
898 &PKCS7_ATTR_SIGN_it);
899 if (!abuf)
900 goto err;
901 if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
902 goto err;
903 free(abuf);
904 abuf = NULL;
905 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
906 goto err;
907 abuf = malloc(siglen);
908 if (!abuf)
909 goto err;
910 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
911 goto err;
912
913 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
914 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
915 PKCS7error(PKCS7_R_CTRL_ERROR);
916 goto err;
917 }
918
919 EVP_MD_CTX_cleanup(&mctx);
920
921 ASN1_STRING_set0(si->enc_digest, abuf, siglen);
922
923 return 1;
924
925 err:
926 free(abuf);
927 EVP_MD_CTX_cleanup(&mctx);
928 return 0;
929 }
930
931 int
932 PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
933 PKCS7 *p7, PKCS7_SIGNER_INFO *si)
934 {
935 PKCS7_ISSUER_AND_SERIAL *ias;
936 int ret = 0, i;
937 STACK_OF(X509) *cert;
938 X509 *x509;
939
940 if (p7 == NULL) {
941 PKCS7error(PKCS7_R_INVALID_NULL_POINTER);
942 return 0;
943 }
944
945 if (p7->d.ptr == NULL) {
946 PKCS7error(PKCS7_R_NO_CONTENT);
947 return 0;
948 }
949
950 if (PKCS7_type_is_signed(p7)) {
951 cert = p7->d.sign->cert;
952 } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
953 cert = p7->d.signed_and_enveloped->cert;
954 } else {
955 PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
956 goto err;
957 }
958 /* XXXX */
959 ias = si->issuer_and_serial;
960
961 x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
962
963 /* were we able to find the cert in passed to us */
964 if (x509 == NULL) {
965 PKCS7error(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
966 goto err;
967 }
968
969 /* Lets verify */
970 if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
971 PKCS7error(ERR_R_X509_LIB);
972 goto err;
973 }
974 if (X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN) == 0) {
975 X509_STORE_CTX_cleanup(ctx);
976 goto err;
977 }
978 i = X509_verify_cert(ctx);
979 if (i <= 0) {
980 PKCS7error(ERR_R_X509_LIB);
981 X509_STORE_CTX_cleanup(ctx);
982 goto err;
983 }
984 X509_STORE_CTX_cleanup(ctx);
985
986 return PKCS7_signatureVerify(bio, p7, si, x509);
987 err:
988
989 return ret;
990 }
991
992 int
993 PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, X509 *x509)
994 {
995 ASN1_OCTET_STRING *os;
996 EVP_MD_CTX mdc_tmp, *mdc;
997 int ret = 0, i;
998 int md_type;
999 STACK_OF(X509_ATTRIBUTE) *sk;
1000 BIO *btmp;
1001 EVP_PKEY *pkey;
1002
1003 EVP_MD_CTX_init(&mdc_tmp);
1004
1005 if (!PKCS7_type_is_signed(p7) &&
1006 !PKCS7_type_is_signedAndEnveloped(p7)) {
1007 PKCS7error(PKCS7_R_WRONG_PKCS7_TYPE);
1008 goto err;
1009 }
1010
1011 md_type = OBJ_obj2nid(si->digest_alg->algorithm);
1012
1013 btmp = bio;
1014 for (;;) {
1015 if ((btmp == NULL) ||
1016 ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
1017 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1018 goto err;
1019 }
1020 BIO_get_md_ctx(btmp, &mdc);
1021 if (mdc == NULL) {
1022 PKCS7error(ERR_R_INTERNAL_ERROR);
1023 goto err;
1024 }
1025 if (EVP_MD_CTX_type(mdc) == md_type)
1026 break;
1027 /* Workaround for some broken clients that put the signature
1028 * OID instead of the digest OID in digest_alg->algorithm
1029 */
1030 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
1031 break;
1032 btmp = BIO_next(btmp);
1033 }
1034
1035 /* mdc is the digest ctx that we want, unless there are attributes,
1036 * in which case the digest is the signed attributes */
1037 if (!EVP_MD_CTX_copy_ex(&mdc_tmp, mdc))
1038 goto err;
1039
1040 sk = si->auth_attr;
1041 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
1042 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
1043 unsigned int md_len;
1044 int alen;
1045 ASN1_OCTET_STRING *message_digest;
1046
1047 if (!EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len))
1048 goto err;
1049 message_digest = PKCS7_digest_from_attributes(sk);
1050 if (!message_digest) {
1051 PKCS7error(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1052 goto err;
1053 }
1054 if ((message_digest->length != (int)md_len) ||
1055 (memcmp(message_digest->data, md_dat, md_len))) {
1056 PKCS7error(PKCS7_R_DIGEST_FAILURE);
1057 ret = -1;
1058 goto err;
1059 }
1060
1061 if (!EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type),
1062 NULL))
1063 goto err;
1064
1065 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
1066 &PKCS7_ATTR_VERIFY_it);
1067 if (alen <= 0) {
1068 PKCS7error(ERR_R_ASN1_LIB);
1069 ret = -1;
1070 goto err;
1071 }
1072 if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
1073 goto err;
1074
1075 free(abuf);
1076 }
1077
1078 os = si->enc_digest;
1079 pkey = X509_get_pubkey(x509);
1080 if (!pkey) {
1081 ret = -1;
1082 goto err;
1083 }
1084
1085 i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
1086 EVP_PKEY_free(pkey);
1087 if (i <= 0) {
1088 PKCS7error(PKCS7_R_SIGNATURE_FAILURE);
1089 ret = -1;
1090 goto err;
1091 } else
1092 ret = 1;
1093 err:
1094 EVP_MD_CTX_cleanup(&mdc_tmp);
1095 return (ret);
1096 }
1097
1098 PKCS7_ISSUER_AND_SERIAL *
1099 PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
1100 {
1101 STACK_OF(PKCS7_RECIP_INFO) *rsk;
1102 PKCS7_RECIP_INFO *ri;
1103 int i;
1104
1105 i = OBJ_obj2nid(p7->type);
1106 if (i != NID_pkcs7_signedAndEnveloped)
1107 return NULL;
1108 if (p7->d.signed_and_enveloped == NULL)
1109 return NULL;
1110 rsk = p7->d.signed_and_enveloped->recipientinfo;
1111 if (rsk == NULL)
1112 return NULL;
1113 ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
1114 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
1115 return (NULL);
1116 ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
1117 return (ri->issuer_and_serial);
1118 }
1119
1120 ASN1_TYPE *
1121 PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
1122 {
1123 return (get_attribute(si->auth_attr, nid));
1124 }
1125
1126 ASN1_TYPE *
1127 PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
1128 {
1129 return (get_attribute(si->unauth_attr, nid));
1130 }
1131
1132 static ASN1_TYPE *
1133 get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
1134 {
1135 int i;
1136 X509_ATTRIBUTE *xa;
1137 ASN1_OBJECT *o;
1138
1139 o = OBJ_nid2obj(nid);
1140 if (!o || !sk)
1141 return (NULL);
1142 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1143 xa = sk_X509_ATTRIBUTE_value(sk, i);
1144 if (OBJ_cmp(xa->object, o) == 0) {
1145 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
1146 return (sk_ASN1_TYPE_value(xa->value.set, 0));
1147 else
1148 return (NULL);
1149 }
1150 }
1151 return (NULL);
1152 }
1153
1154 ASN1_OCTET_STRING *
1155 PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
1156 {
1157 ASN1_TYPE *astype;
1158
1159 if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
1160 return NULL;
1161 if (astype->type != V_ASN1_OCTET_STRING)
1162 return NULL;
1163 return astype->value.octet_string;
1164 }
1165
1166 int
1167 PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
1168 STACK_OF(X509_ATTRIBUTE) *sk)
1169 {
1170 int i;
1171
1172 if (p7si->auth_attr != NULL)
1173 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,
1174 X509_ATTRIBUTE_free);
1175 p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
1176 if (p7si->auth_attr == NULL)
1177 return 0;
1178 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1179 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
1180 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1181 == NULL)
1182 return (0);
1183 }
1184 return (1);
1185 }
1186
1187 int
1188 PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
1189 {
1190 int i;
1191
1192 if (p7si->unauth_attr != NULL)
1193 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
1194 X509_ATTRIBUTE_free);
1195 p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
1196 if (p7si->unauth_attr == NULL)
1197 return 0;
1198 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
1199 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
1200 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk, i))))
1201 == NULL)
1202 return (0);
1203 }
1204 return (1);
1205 }
1206
1207 int
1208 PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
1209 void *value)
1210 {
1211 return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
1212 }
1213
1214 int
1215 PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, void *value)
1216 {
1217 return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
1218 }
1219
1220 static int
1221 add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value)
1222 {
1223 X509_ATTRIBUTE *attr = NULL;
1224
1225 if (*sk == NULL) {
1226 *sk = sk_X509_ATTRIBUTE_new_null();
1227 if (*sk == NULL)
1228 return 0;
1229 new_attrib:
1230 if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
1231 return 0;
1232 if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
1233 X509_ATTRIBUTE_free(attr);
1234 return 0;
1235 }
1236 } else {
1237 int i;
1238
1239 for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
1240 attr = sk_X509_ATTRIBUTE_value(*sk, i);
1241 if (OBJ_obj2nid(attr->object) == nid) {
1242 X509_ATTRIBUTE_free(attr);
1243 attr = X509_ATTRIBUTE_create(nid, atrtype,
1244 value);
1245 if (attr == NULL)
1246 return 0;
1247 if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
1248 X509_ATTRIBUTE_free(attr);
1249 return 0;
1250 }
1251 goto end;
1252 }
1253 }
1254 goto new_attrib;
1255 }
1256 end:
1257 return (1);
1258 }
Unleashed OS