1 /* crypto/pkcs7/pk7_doit.c */ 2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay (at) cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * 9 * This library is free for commercial and non-commercial use as long as 10 * the following conditions are aheared to. The following conditions 11 * apply to all code found in this distribution, be it the RC4, RSA, 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13 * included with this distribution is covered by the same copyright terms 14 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 15 * 16 * Copyright remains Eric Young's, and as such any Copyright notices in 17 * the code are not to be removed. 18 * If this package is used in a product, Eric Young should be given attribution 19 * as the author of the parts of the library used. 20 * This can be in the form of a textual message at program startup or 21 * in documentation (online or textual) provided with the package. 22 * 23 * Redistribution and use in source and binary forms, with or without 24 * modification, are permitted provided that the following conditions 25 * are met: 26 * 1. Redistributions of source code must retain the copyright 27 * notice, this list of conditions and the following disclaimer. 28 * 2. Redistributions in binary form must reproduce the above copyright 29 * notice, this list of conditions and the following disclaimer in the 30 * documentation and/or other materials provided with the distribution. 31 * 3. All advertising materials mentioning features or use of this software 32 * must display the following acknowledgement: 33 * "This product includes cryptographic software written by 34 * Eric Young (eay (at) cryptsoft.com)" 35 * The word 'cryptographic' can be left out if the rouines from the library 36 * being used are not cryptographic related :-). 37 * 4. If you include any Windows specific code (or a derivative thereof) from 38 * the apps directory (application code) you must include an acknowledgement: 39 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 40 * 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ 58 59 #include <stdio.h> 60 #include "cryptlib.h" 61 #include <openssl/rand.h> 62 #include <openssl/objects.h> 63 #include <openssl/x509.h> 64 #include <openssl/x509v3.h> 65 #include <openssl/err.h> 66 67 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 68 void *value); 69 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); 70 71 static int PKCS7_type_is_other(PKCS7* p7) 72 { 73 int isOther=1; 74 75 int nid=OBJ_obj2nid(p7->type); 76 77 switch( nid ) 78 { 79 case NID_pkcs7_data: 80 case NID_pkcs7_signed: 81 case NID_pkcs7_enveloped: 82 case NID_pkcs7_signedAndEnveloped: 83 case NID_pkcs7_digest: 84 case NID_pkcs7_encrypted: 85 isOther=0; 86 break; 87 default: 88 isOther=1; 89 } 90 91 return isOther; 92 93 } 94 95 static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7) 96 { 97 if ( PKCS7_type_is_data(p7)) 98 return p7->d.data; 99 if ( PKCS7_type_is_other(p7) && p7->d.other 100 && (p7->d.other->type == V_ASN1_OCTET_STRING)) 101 return p7->d.other->value.octet_string; 102 return NULL; 103 } 104 105 static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg) 106 { 107 BIO *btmp; 108 const EVP_MD *md; 109 if ((btmp=BIO_new(BIO_f_md())) == NULL) 110 { 111 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); 112 goto err; 113 } 114 115 md=EVP_get_digestbyobj(alg->algorithm); 116 if (md == NULL) 117 { 118 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE); 119 goto err; 120 } 121 122 BIO_set_md(btmp,md); 123 if (*pbio == NULL) 124 *pbio=btmp; 125 else if (!BIO_push(*pbio,btmp)) 126 { 127 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB); 128 goto err; 129 } 130 btmp=NULL; 131 132 return 1; 133 134 err: 135 if (btmp) 136 BIO_free(btmp); 137 return 0; 138 139 } 140 141 static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri, 142 unsigned char *key, int keylen) 143 { 144 EVP_PKEY_CTX *pctx = NULL; 145 EVP_PKEY *pkey = NULL; 146 unsigned char *ek = NULL; 147 int ret = 0; 148 size_t eklen; 149 150 pkey = X509_get_pubkey(ri->cert); 151 152 if (!pkey) 153 return 0; 154 155 pctx = EVP_PKEY_CTX_new(pkey, NULL); 156 if (!pctx) 157 return 0; 158 159 if (EVP_PKEY_encrypt_init(pctx) <= 0) 160 goto err; 161 162 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT, 163 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) 164 { 165 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR); 166 goto err; 167 } 168 169 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0) 170 goto err; 171 172 ek = OPENSSL_malloc(eklen); 173 174 if (ek == NULL) 175 { 176 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE); 177 goto err; 178 } 179 180 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0) 181 goto err; 182 183 ASN1_STRING_set0(ri->enc_key, ek, eklen); 184 ek = NULL; 185 186 ret = 1; 187 188 err: 189 if (pkey) 190 EVP_PKEY_free(pkey); 191 if (pctx) 192 EVP_PKEY_CTX_free(pctx); 193 if (ek) 194 OPENSSL_free(ek); 195 return ret; 196 197 } 198 199 200 static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen, 201 PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey) 202 { 203 EVP_PKEY_CTX *pctx = NULL; 204 unsigned char *ek = NULL; 205 size_t eklen; 206 207 int ret = 0; 208 209 pctx = EVP_PKEY_CTX_new(pkey, NULL); 210 if (!pctx) 211 return 0; 212 213 if (EVP_PKEY_decrypt_init(pctx) <= 0) 214 goto err; 215 216 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT, 217 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) 218 { 219 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR); 220 goto err; 221 } 222 223 if (EVP_PKEY_decrypt(pctx, NULL, &eklen, 224 ri->enc_key->data, ri->enc_key->length) <= 0) 225 goto err; 226 227 ek = OPENSSL_malloc(eklen); 228 229 if (ek == NULL) 230 { 231 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE); 232 goto err; 233 } 234 235 if (EVP_PKEY_decrypt(pctx, ek, &eklen, 236 ri->enc_key->data, ri->enc_key->length) <= 0) 237 { 238 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB); 239 goto err; 240 } 241 242 ret = 1; 243 244 *pek = ek; 245 *peklen = eklen; 246 247 err: 248 if (pctx) 249 EVP_PKEY_CTX_free(pctx); 250 if (!ret && ek) 251 OPENSSL_free(ek); 252 253 return ret; 254 } 255 256 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 257 { 258 int i; 259 BIO *out=NULL,*btmp=NULL; 260 X509_ALGOR *xa = NULL; 261 const EVP_CIPHER *evp_cipher=NULL; 262 STACK_OF(X509_ALGOR) *md_sk=NULL; 263 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 264 X509_ALGOR *xalg=NULL; 265 PKCS7_RECIP_INFO *ri=NULL; 266 ASN1_OCTET_STRING *os=NULL; 267 268 i=OBJ_obj2nid(p7->type); 269 p7->state=PKCS7_S_HEADER; 270 271 switch (i) 272 { 273 case NID_pkcs7_signed: 274 md_sk=p7->d.sign->md_algs; 275 os = PKCS7_get_octet_string(p7->d.sign->contents); 276 break; 277 case NID_pkcs7_signedAndEnveloped: 278 rsk=p7->d.signed_and_enveloped->recipientinfo; 279 md_sk=p7->d.signed_and_enveloped->md_algs; 280 xalg=p7->d.signed_and_enveloped->enc_data->algorithm; 281 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; 282 if (evp_cipher == NULL) 283 { 284 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 285 PKCS7_R_CIPHER_NOT_INITIALIZED); 286 goto err; 287 } 288 break; 289 case NID_pkcs7_enveloped: 290 rsk=p7->d.enveloped->recipientinfo; 291 xalg=p7->d.enveloped->enc_data->algorithm; 292 evp_cipher=p7->d.enveloped->enc_data->cipher; 293 if (evp_cipher == NULL) 294 { 295 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 296 PKCS7_R_CIPHER_NOT_INITIALIZED); 297 goto err; 298 } 299 break; 300 case NID_pkcs7_digest: 301 xa = p7->d.digest->md; 302 os = PKCS7_get_octet_string(p7->d.digest->contents); 303 break; 304 case NID_pkcs7_data: 305 break; 306 default: 307 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 308 goto err; 309 } 310 311 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 312 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) 313 goto err; 314 315 if (xa && !PKCS7_bio_add_digest(&out, xa)) 316 goto err; 317 318 if (evp_cipher != NULL) 319 { 320 unsigned char key[EVP_MAX_KEY_LENGTH]; 321 unsigned char iv[EVP_MAX_IV_LENGTH]; 322 int keylen,ivlen; 323 EVP_CIPHER_CTX *ctx; 324 325 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 326 { 327 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); 328 goto err; 329 } 330 BIO_get_cipher_ctx(btmp, &ctx); 331 keylen=EVP_CIPHER_key_length(evp_cipher); 332 ivlen=EVP_CIPHER_iv_length(evp_cipher); 333 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 334 if (ivlen > 0) 335 if (RAND_pseudo_bytes(iv,ivlen) <= 0) 336 goto err; 337 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) 338 goto err; 339 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) 340 goto err; 341 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) 342 goto err; 343 344 if (ivlen > 0) { 345 if (xalg->parameter == NULL) { 346 xalg->parameter = ASN1_TYPE_new(); 347 if (xalg->parameter == NULL) 348 goto err; 349 } 350 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 351 goto err; 352 } 353 354 /* Lets do the pub key stuff :-) */ 355 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 356 { 357 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 358 if (pkcs7_encode_rinfo(ri, key, keylen) <= 0) 359 goto err; 360 } 361 OPENSSL_cleanse(key, keylen); 362 363 if (out == NULL) 364 out=btmp; 365 else 366 BIO_push(out,btmp); 367 btmp=NULL; 368 } 369 370 if (bio == NULL) 371 { 372 if (PKCS7_is_detached(p7)) 373 bio=BIO_new(BIO_s_null()); 374 else if (os && os->length > 0) 375 bio = BIO_new_mem_buf(os->data, os->length); 376 if(bio == NULL) 377 { 378 bio=BIO_new(BIO_s_mem()); 379 if (bio == NULL) 380 goto err; 381 BIO_set_mem_eof_return(bio,0); 382 } 383 } 384 if (out) 385 BIO_push(out,bio); 386 else 387 out = bio; 388 bio=NULL; 389 if (0) 390 { 391 err: 392 if (out != NULL) 393 BIO_free_all(out); 394 if (btmp != NULL) 395 BIO_free_all(btmp); 396 out=NULL; 397 } 398 return(out); 399 } 400 401 static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) 402 { 403 int ret; 404 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, 405 pcert->cert_info->issuer); 406 if (ret) 407 return ret; 408 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, 409 ri->issuer_and_serial->serial); 410 } 411 412 /* int */ 413 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 414 { 415 int i,j; 416 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; 417 X509_ALGOR *xa; 418 ASN1_OCTET_STRING *data_body=NULL; 419 const EVP_MD *evp_md; 420 const EVP_CIPHER *evp_cipher=NULL; 421 EVP_CIPHER_CTX *evp_ctx=NULL; 422 X509_ALGOR *enc_alg=NULL; 423 STACK_OF(X509_ALGOR) *md_sk=NULL; 424 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 425 X509_ALGOR *xalg=NULL; 426 PKCS7_RECIP_INFO *ri=NULL; 427 428 i=OBJ_obj2nid(p7->type); 429 p7->state=PKCS7_S_HEADER; 430 431 switch (i) 432 { 433 case NID_pkcs7_signed: 434 data_body=PKCS7_get_octet_string(p7->d.sign->contents); 435 md_sk=p7->d.sign->md_algs; 436 break; 437 case NID_pkcs7_signedAndEnveloped: 438 rsk=p7->d.signed_and_enveloped->recipientinfo; 439 md_sk=p7->d.signed_and_enveloped->md_algs; 440 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 441 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 442 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 443 if (evp_cipher == NULL) 444 { 445 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 446 goto err; 447 } 448 xalg=p7->d.signed_and_enveloped->enc_data->algorithm; 449 break; 450 case NID_pkcs7_enveloped: 451 rsk=p7->d.enveloped->recipientinfo; 452 enc_alg=p7->d.enveloped->enc_data->algorithm; 453 data_body=p7->d.enveloped->enc_data->enc_data; 454 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 455 if (evp_cipher == NULL) 456 { 457 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); 458 goto err; 459 } 460 xalg=p7->d.enveloped->enc_data->algorithm; 461 break; 462 default: 463 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 464 goto err; 465 } 466 467 /* We will be checking the signature */ 468 if (md_sk != NULL) 469 { 470 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 471 { 472 xa=sk_X509_ALGOR_value(md_sk,i); 473 if ((btmp=BIO_new(BIO_f_md())) == NULL) 474 { 475 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); 476 goto err; 477 } 478 479 j=OBJ_obj2nid(xa->algorithm); 480 evp_md=EVP_get_digestbynid(j); 481 if (evp_md == NULL) 482 { 483 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); 484 goto err; 485 } 486 487 BIO_set_md(btmp,evp_md); 488 if (out == NULL) 489 out=btmp; 490 else 491 BIO_push(out,btmp); 492 btmp=NULL; 493 } 494 } 495 496 if (evp_cipher != NULL) 497 { 498 #if 0 499 unsigned char key[EVP_MAX_KEY_LENGTH]; 500 unsigned char iv[EVP_MAX_IV_LENGTH]; 501 unsigned char *p; 502 int keylen,ivlen; 503 int max; 504 X509_OBJECT ret; 505 #endif 506 unsigned char *ek = NULL; 507 int eklen; 508 509 if ((etmp=BIO_new(BIO_f_cipher())) == NULL) 510 { 511 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); 512 goto err; 513 } 514 515 /* It was encrypted, we need to decrypt the secret key 516 * with the private key */ 517 518 /* Find the recipientInfo which matches the passed certificate 519 * (if any) 520 */ 521 522 if (pcert) 523 { 524 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 525 { 526 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 527 if (!pkcs7_cmp_ri(ri, pcert)) 528 break; 529 ri=NULL; 530 } 531 if (ri == NULL) 532 { 533 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 534 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 535 goto err; 536 } 537 } 538 539 /* If we haven't got a certificate try each ri in turn */ 540 541 if (pcert == NULL) 542 { 543 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 544 { 545 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 546 if (pkcs7_decrypt_rinfo(&ek, &eklen, 547 ri, pkey) > 0) 548 break; 549 ERR_clear_error(); 550 ri = NULL; 551 } 552 if (ri == NULL) 553 { 554 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 555 PKCS7_R_NO_RECIPIENT_MATCHES_KEY); 556 goto err; 557 } 558 } 559 else 560 { 561 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0) 562 goto err; 563 } 564 565 evp_ctx=NULL; 566 BIO_get_cipher_ctx(etmp,&evp_ctx); 567 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) 568 goto err; 569 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 570 goto err; 571 572 if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) { 573 /* Some S/MIME clients don't use the same key 574 * and effective key length. The key length is 575 * determined by the size of the decrypted RSA key. 576 */ 577 if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) 578 { 579 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 580 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); 581 goto err; 582 } 583 } 584 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0) 585 goto err; 586 587 if (ek) 588 { 589 OPENSSL_cleanse(ek,eklen); 590 OPENSSL_free(ek); 591 } 592 593 if (out == NULL) 594 out=etmp; 595 else 596 BIO_push(out,etmp); 597 etmp=NULL; 598 } 599 600 #if 1 601 if (PKCS7_is_detached(p7) || (in_bio != NULL)) 602 { 603 bio=in_bio; 604 } 605 else 606 { 607 #if 0 608 bio=BIO_new(BIO_s_mem()); 609 /* We need to set this so that when we have read all 610 * the data, the encrypt BIO, if present, will read 611 * EOF and encode the last few bytes */ 612 BIO_set_mem_eof_return(bio,0); 613 614 if (data_body->length > 0) 615 BIO_write(bio,(char *)data_body->data,data_body->length); 616 #else 617 if (data_body->length > 0) 618 bio = BIO_new_mem_buf(data_body->data,data_body->length); 619 else { 620 bio=BIO_new(BIO_s_mem()); 621 BIO_set_mem_eof_return(bio,0); 622 } 623 if (bio == NULL) 624 goto err; 625 #endif 626 } 627 BIO_push(out,bio); 628 bio=NULL; 629 #endif 630 if (0) 631 { 632 err: 633 if (out != NULL) BIO_free_all(out); 634 if (btmp != NULL) BIO_free_all(btmp); 635 if (etmp != NULL) BIO_free_all(etmp); 636 if (bio != NULL) BIO_free_all(bio); 637 out=NULL; 638 } 639 return(out); 640 } 641 642 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) 643 { 644 for (;;) 645 { 646 bio=BIO_find_type(bio,BIO_TYPE_MD); 647 if (bio == NULL) 648 { 649 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 650 return NULL; 651 } 652 BIO_get_md_ctx(bio,pmd); 653 if (*pmd == NULL) 654 { 655 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR); 656 return NULL; 657 } 658 if (EVP_MD_CTX_type(*pmd) == nid) 659 return bio; 660 bio=BIO_next(bio); 661 } 662 return NULL; 663 } 664 665 static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx) 666 { 667 unsigned char md_data[EVP_MAX_MD_SIZE]; 668 unsigned int md_len; 669 670 /* Add signing time if not already present */ 671 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) 672 { 673 if (!PKCS7_add0_attrib_signing_time(si, NULL)) 674 { 675 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 676 ERR_R_MALLOC_FAILURE); 677 return 0; 678 } 679 } 680 681 /* Add digest */ 682 EVP_DigestFinal_ex(mctx, md_data,&md_len); 683 if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) 684 { 685 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE); 686 return 0; 687 } 688 689 /* Now sign the attributes */ 690 if (!PKCS7_SIGNER_INFO_sign(si)) 691 return 0; 692 693 return 1; 694 } 695 696 697 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 698 { 699 int ret=0; 700 int i,j; 701 BIO *btmp; 702 PKCS7_SIGNER_INFO *si; 703 EVP_MD_CTX *mdc,ctx_tmp; 704 STACK_OF(X509_ATTRIBUTE) *sk; 705 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; 706 ASN1_OCTET_STRING *os=NULL; 707 708 EVP_MD_CTX_init(&ctx_tmp); 709 i=OBJ_obj2nid(p7->type); 710 p7->state=PKCS7_S_HEADER; 711 712 switch (i) 713 { 714 case NID_pkcs7_data: 715 os = p7->d.data; 716 break; 717 case NID_pkcs7_signedAndEnveloped: 718 /* XXXXXXXXXXXXXXXX */ 719 si_sk=p7->d.signed_and_enveloped->signer_info; 720 os = p7->d.signed_and_enveloped->enc_data->enc_data; 721 if (!os) 722 { 723 os=M_ASN1_OCTET_STRING_new(); 724 if (!os) 725 { 726 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 727 goto err; 728 } 729 p7->d.signed_and_enveloped->enc_data->enc_data=os; 730 } 731 break; 732 case NID_pkcs7_enveloped: 733 /* XXXXXXXXXXXXXXXX */ 734 os = p7->d.enveloped->enc_data->enc_data; 735 if (!os) 736 { 737 os=M_ASN1_OCTET_STRING_new(); 738 if (!os) 739 { 740 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 741 goto err; 742 } 743 p7->d.enveloped->enc_data->enc_data=os; 744 } 745 break; 746 case NID_pkcs7_signed: 747 si_sk=p7->d.sign->signer_info; 748 os=PKCS7_get_octet_string(p7->d.sign->contents); 749 /* If detached data then the content is excluded */ 750 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { 751 M_ASN1_OCTET_STRING_free(os); 752 p7->d.sign->contents->d.data = NULL; 753 } 754 break; 755 756 case NID_pkcs7_digest: 757 os=PKCS7_get_octet_string(p7->d.digest->contents); 758 /* If detached data then the content is excluded */ 759 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) 760 { 761 M_ASN1_OCTET_STRING_free(os); 762 p7->d.digest->contents->d.data = NULL; 763 } 764 break; 765 766 default: 767 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); 768 goto err; 769 } 770 771 if (si_sk != NULL) 772 { 773 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 774 { 775 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i); 776 if (si->pkey == NULL) 777 continue; 778 779 j = OBJ_obj2nid(si->digest_alg->algorithm); 780 781 btmp=bio; 782 783 btmp = PKCS7_find_digest(&mdc, btmp, j); 784 785 if (btmp == NULL) 786 goto err; 787 788 /* We now have the EVP_MD_CTX, lets do the 789 * signing. */ 790 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); 791 792 sk=si->auth_attr; 793 794 /* If there are attributes, we add the digest 795 * attribute and only sign the attributes */ 796 if (sk_X509_ATTRIBUTE_num(sk) > 0) 797 { 798 if (!do_pkcs7_signed_attrib(si, &ctx_tmp)) 799 goto err; 800 } 801 else 802 { 803 unsigned char *abuf = NULL; 804 unsigned int abuflen; 805 abuflen = EVP_PKEY_size(si->pkey); 806 abuf = OPENSSL_malloc(abuflen); 807 if (!abuf) 808 goto err; 809 810 if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen, 811 si->pkey)) 812 { 813 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 814 ERR_R_EVP_LIB); 815 goto err; 816 } 817 ASN1_STRING_set0(si->enc_digest, abuf, abuflen); 818 } 819 } 820 } 821 else if (i == NID_pkcs7_digest) 822 { 823 unsigned char md_data[EVP_MAX_MD_SIZE]; 824 unsigned int md_len; 825 if (!PKCS7_find_digest(&mdc, bio, 826 OBJ_obj2nid(p7->d.digest->md->algorithm))) 827 goto err; 828 EVP_DigestFinal_ex(mdc,md_data,&md_len); 829 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); 830 } 831 832 if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) 833 { 834 char *cont; 835 long contlen; 836 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 837 if (btmp == NULL) 838 { 839 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); 840 goto err; 841 } 842 contlen = BIO_get_mem_data(btmp, &cont); 843 /* Mark the BIO read only then we can use its copy of the data 844 * instead of making an extra copy. 845 */ 846 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); 847 BIO_set_mem_eof_return(btmp, 0); 848 ASN1_STRING_set0(os, (unsigned char *)cont, contlen); 849 } 850 ret=1; 851 err: 852 EVP_MD_CTX_cleanup(&ctx_tmp); 853 return(ret); 854 } 855 856 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si) 857 { 858 EVP_MD_CTX mctx; 859 EVP_PKEY_CTX *pctx; 860 unsigned char *abuf = NULL; 861 int alen; 862 size_t siglen; 863 const EVP_MD *md = NULL; 864 865 md = EVP_get_digestbyobj(si->digest_alg->algorithm); 866 if (md == NULL) 867 return 0; 868 869 EVP_MD_CTX_init(&mctx); 870 if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0) 871 goto err; 872 873 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 874 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) 875 { 876 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 877 goto err; 878 } 879 880 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf, 881 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); 882 if(!abuf) 883 goto err; 884 if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0) 885 goto err; 886 OPENSSL_free(abuf); 887 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0) 888 goto err; 889 abuf = OPENSSL_malloc(siglen); 890 if(!abuf) 891 goto err; 892 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0) 893 goto err; 894 895 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN, 896 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) 897 { 898 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR); 899 goto err; 900 } 901 902 EVP_MD_CTX_cleanup(&mctx); 903 904 ASN1_STRING_set0(si->enc_digest, abuf, siglen); 905 906 return 1; 907 908 err: 909 if (abuf) 910 OPENSSL_free(abuf); 911 EVP_MD_CTX_cleanup(&mctx); 912 return 0; 913 914 } 915 916 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, 917 PKCS7 *p7, PKCS7_SIGNER_INFO *si) 918 { 919 PKCS7_ISSUER_AND_SERIAL *ias; 920 int ret=0,i; 921 STACK_OF(X509) *cert; 922 X509 *x509; 923 924 if (PKCS7_type_is_signed(p7)) 925 { 926 cert=p7->d.sign->cert; 927 } 928 else if (PKCS7_type_is_signedAndEnveloped(p7)) 929 { 930 cert=p7->d.signed_and_enveloped->cert; 931 } 932 else 933 { 934 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); 935 goto err; 936 } 937 /* XXXXXXXXXXXXXXXXXXXXXXX */ 938 ias=si->issuer_and_serial; 939 940 x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); 941 942 /* were we able to find the cert in passed to us */ 943 if (x509 == NULL) 944 { 945 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE); 946 goto err; 947 } 948 949 /* Lets verify */ 950 if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) 951 { 952 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); 953 goto err; 954 } 955 X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); 956 i=X509_verify_cert(ctx); 957 if (i <= 0) 958 { 959 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); 960 X509_STORE_CTX_cleanup(ctx); 961 goto err; 962 } 963 X509_STORE_CTX_cleanup(ctx); 964 965 return PKCS7_signatureVerify(bio, p7, si, x509); 966 err: 967 return ret; 968 } 969 970 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, 971 X509 *x509) 972 { 973 ASN1_OCTET_STRING *os; 974 EVP_MD_CTX mdc_tmp,*mdc; 975 int ret=0,i; 976 int md_type; 977 STACK_OF(X509_ATTRIBUTE) *sk; 978 BIO *btmp; 979 EVP_PKEY *pkey; 980 981 EVP_MD_CTX_init(&mdc_tmp); 982 983 if (!PKCS7_type_is_signed(p7) && 984 !PKCS7_type_is_signedAndEnveloped(p7)) { 985 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 986 PKCS7_R_WRONG_PKCS7_TYPE); 987 goto err; 988 } 989 990 md_type=OBJ_obj2nid(si->digest_alg->algorithm); 991 992 btmp=bio; 993 for (;;) 994 { 995 if ((btmp == NULL) || 996 ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) 997 { 998 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 999 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1000 goto err; 1001 } 1002 BIO_get_md_ctx(btmp,&mdc); 1003 if (mdc == NULL) 1004 { 1005 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1006 ERR_R_INTERNAL_ERROR); 1007 goto err; 1008 } 1009 if (EVP_MD_CTX_type(mdc) == md_type) 1010 break; 1011 /* Workaround for some broken clients that put the signature 1012 * OID instead of the digest OID in digest_alg->algorithm 1013 */ 1014 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type) 1015 break; 1016 btmp=BIO_next(btmp); 1017 } 1018 1019 /* mdc is the digest ctx that we want, unless there are attributes, 1020 * in which case the digest is the signed attributes */ 1021 EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); 1022 1023 sk=si->auth_attr; 1024 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) 1025 { 1026 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; 1027 unsigned int md_len; 1028 int alen; 1029 ASN1_OCTET_STRING *message_digest; 1030 1031 EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); 1032 message_digest=PKCS7_digest_from_attributes(sk); 1033 if (!message_digest) 1034 { 1035 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1036 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1037 goto err; 1038 } 1039 if ((message_digest->length != (int)md_len) || 1040 (memcmp(message_digest->data,md_dat,md_len))) 1041 { 1042 #if 0 1043 { 1044 int ii; 1045 for (ii=0; ii<message_digest->length; ii++) 1046 printf("%02X",message_digest->data[ii]); printf(" sent\n"); 1047 for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); 1048 } 1049 #endif 1050 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1051 PKCS7_R_DIGEST_FAILURE); 1052 ret= -1; 1053 goto err; 1054 } 1055 1056 EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL); 1057 1058 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 1059 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); 1060 if (alen <= 0) 1061 { 1062 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB); 1063 ret = -1; 1064 goto err; 1065 } 1066 EVP_VerifyUpdate(&mdc_tmp, abuf, alen); 1067 1068 OPENSSL_free(abuf); 1069 } 1070 1071 os=si->enc_digest; 1072 pkey = X509_get_pubkey(x509); 1073 if (!pkey) 1074 { 1075 ret = -1; 1076 goto err; 1077 } 1078 1079 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 1080 EVP_PKEY_free(pkey); 1081 if (i <= 0) 1082 { 1083 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1084 PKCS7_R_SIGNATURE_FAILURE); 1085 ret= -1; 1086 goto err; 1087 } 1088 else 1089 ret=1; 1090 err: 1091 EVP_MD_CTX_cleanup(&mdc_tmp); 1092 return(ret); 1093 } 1094 1095 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) 1096 { 1097 STACK_OF(PKCS7_RECIP_INFO) *rsk; 1098 PKCS7_RECIP_INFO *ri; 1099 int i; 1100 1101 i=OBJ_obj2nid(p7->type); 1102 if (i != NID_pkcs7_signedAndEnveloped) 1103 return NULL; 1104 if (p7->d.signed_and_enveloped == NULL) 1105 return NULL; 1106 rsk=p7->d.signed_and_enveloped->recipientinfo; 1107 if (rsk == NULL) 1108 return NULL; 1109 ri=sk_PKCS7_RECIP_INFO_value(rsk,0); 1110 if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); 1111 ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); 1112 return(ri->issuer_and_serial); 1113 } 1114 1115 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) 1116 { 1117 return(get_attribute(si->auth_attr,nid)); 1118 } 1119 1120 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) 1121 { 1122 return(get_attribute(si->unauth_attr,nid)); 1123 } 1124 1125 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) 1126 { 1127 int i; 1128 X509_ATTRIBUTE *xa; 1129 ASN1_OBJECT *o; 1130 1131 o=OBJ_nid2obj(nid); 1132 if (!o || !sk) return(NULL); 1133 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1134 { 1135 xa=sk_X509_ATTRIBUTE_value(sk,i); 1136 if (OBJ_cmp(xa->object,o) == 0) 1137 { 1138 if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) 1139 return(sk_ASN1_TYPE_value(xa->value.set,0)); 1140 else 1141 return(NULL); 1142 } 1143 } 1144 return(NULL); 1145 } 1146 1147 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) 1148 { 1149 ASN1_TYPE *astype; 1150 if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; 1151 return astype->value.octet_string; 1152 } 1153 1154 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, 1155 STACK_OF(X509_ATTRIBUTE) *sk) 1156 { 1157 int i; 1158 1159 if (p7si->auth_attr != NULL) 1160 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); 1161 p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); 1162 if (p7si->auth_attr == NULL) 1163 return 0; 1164 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1165 { 1166 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, 1167 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) 1168 == NULL) 1169 return(0); 1170 } 1171 return(1); 1172 } 1173 1174 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) 1175 { 1176 int i; 1177 1178 if (p7si->unauth_attr != NULL) 1179 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, 1180 X509_ATTRIBUTE_free); 1181 p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); 1182 if (p7si->unauth_attr == NULL) 1183 return 0; 1184 for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) 1185 { 1186 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, 1187 X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) 1188 == NULL) 1189 return(0); 1190 } 1191 return(1); 1192 } 1193 1194 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1195 void *value) 1196 { 1197 return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); 1198 } 1199 1200 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, 1201 void *value) 1202 { 1203 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); 1204 } 1205 1206 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 1207 void *value) 1208 { 1209 X509_ATTRIBUTE *attr=NULL; 1210 1211 if (*sk == NULL) 1212 { 1213 *sk = sk_X509_ATTRIBUTE_new_null(); 1214 if (*sk == NULL) 1215 return 0; 1216 new_attrib: 1217 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) 1218 return 0; 1219 if (!sk_X509_ATTRIBUTE_push(*sk,attr)) 1220 { 1221 X509_ATTRIBUTE_free(attr); 1222 return 0; 1223 } 1224 } 1225 else 1226 { 1227 int i; 1228 1229 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) 1230 { 1231 attr=sk_X509_ATTRIBUTE_value(*sk,i); 1232 if (OBJ_obj2nid(attr->object) == nid) 1233 { 1234 X509_ATTRIBUTE_free(attr); 1235 attr=X509_ATTRIBUTE_create(nid,atrtype,value); 1236 if (attr == NULL) 1237 return 0; 1238 if (!sk_X509_ATTRIBUTE_set(*sk,i,attr)) 1239 { 1240 X509_ATTRIBUTE_free(attr); 1241 return 0; 1242 } 1243 goto end; 1244 } 1245 } 1246 goto new_attrib; 1247 } 1248 end: 1249 return(1); 1250 } 1251 1252