xref: /openssl/crypto/pkcs7/pk7_doit.c (revision a64d26ac)
1 /*
2  * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <openssl/rand.h>
12 #include <openssl/objects.h>
13 #include <openssl/x509.h>
14 #include <openssl/x509v3.h>
15 #include <openssl/err.h>
16 #include "internal/cryptlib.h"
17 #include "internal/sizes.h"
18 #include "crypto/evp.h"
19 #include "pk7_local.h"
20 
21 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
22                          void *value);
23 static ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk, int nid);
24 
PKCS7_type_is_other(PKCS7 * p7)25 int PKCS7_type_is_other(PKCS7 *p7)
26 {
27     int isOther = 1;
28 
29     int nid = OBJ_obj2nid(p7->type);
30 
31     switch (nid) {
32     case NID_pkcs7_data:
33     case NID_pkcs7_signed:
34     case NID_pkcs7_enveloped:
35     case NID_pkcs7_signedAndEnveloped:
36     case NID_pkcs7_digest:
37     case NID_pkcs7_encrypted:
38         isOther = 0;
39         break;
40     default:
41         isOther = 1;
42     }
43 
44     return isOther;
45 
46 }
47 
PKCS7_get_octet_string(PKCS7 * p7)48 ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
49 {
50     if (PKCS7_type_is_data(p7))
51         return p7->d.data;
52     if (PKCS7_type_is_other(p7) && p7->d.other
53         && (p7->d.other->type == V_ASN1_OCTET_STRING))
54         return p7->d.other->value.octet_string;
55     return NULL;
56 }
57 
pkcs7_get1_data(PKCS7 * p7)58 static ASN1_OCTET_STRING *pkcs7_get1_data(PKCS7 *p7)
59 {
60     ASN1_OCTET_STRING *os = PKCS7_get_octet_string(p7);
61 
62     if (os != NULL) {
63         /* Edge case for MIME content, see RFC 5652 section-5.2.1 */
64         ASN1_OCTET_STRING *osdup = ASN1_OCTET_STRING_dup(os);
65 
66         if (osdup != NULL && (os->flags & ASN1_STRING_FLAG_NDEF))
67             /* ASN1_STRING_FLAG_NDEF flag is currently used by openssl-smime */
68             ASN1_STRING_set0(osdup, NULL, 0);
69         return osdup;
70     }
71 
72     /* General case for PKCS#7 content, see RFC 2315 section-7 */
73     if (PKCS7_type_is_other(p7) && (p7->d.other != NULL)
74             && (p7->d.other->type == V_ASN1_SEQUENCE)
75             && (p7->d.other->value.sequence != NULL)
76             && (p7->d.other->value.sequence->length > 0)) {
77         const unsigned char *data = p7->d.other->value.sequence->data;
78         long len;
79         int inf, tag, class;
80 
81         os = ASN1_OCTET_STRING_new();
82         if (os == NULL)
83             return NULL;
84         inf = ASN1_get_object(&data, &len, &tag, &class,
85                               p7->d.other->value.sequence->length);
86         if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE
87                 || !ASN1_OCTET_STRING_set(os, data, len)) {
88             ASN1_OCTET_STRING_free(os);
89             os = NULL;
90         }
91     }
92     return os;
93 }
94 
pkcs7_bio_add_digest(BIO ** pbio,X509_ALGOR * alg,const PKCS7_CTX * ctx)95 static int pkcs7_bio_add_digest(BIO **pbio, X509_ALGOR *alg,
96                                 const PKCS7_CTX *ctx)
97 {
98     BIO *btmp;
99     char name[OSSL_MAX_NAME_SIZE];
100     EVP_MD *fetched = NULL;
101     const EVP_MD *md;
102 
103     if ((btmp = BIO_new(BIO_f_md())) == NULL) {
104         ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
105         goto err;
106     }
107 
108     OBJ_obj2txt(name, sizeof(name), alg->algorithm, 0);
109 
110     (void)ERR_set_mark();
111     fetched = EVP_MD_fetch(ossl_pkcs7_ctx_get0_libctx(ctx), name,
112                            ossl_pkcs7_ctx_get0_propq(ctx));
113     if (fetched != NULL)
114         md = fetched;
115     else
116         md = EVP_get_digestbyname(name);
117 
118     if (md == NULL) {
119         (void)ERR_clear_last_mark();
120         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
121         goto err;
122     }
123     (void)ERR_pop_to_mark();
124 
125     if (BIO_set_md(btmp, md) <= 0) {
126         ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
127         EVP_MD_free(fetched);
128         goto err;
129     }
130     EVP_MD_free(fetched);
131     if (*pbio == NULL)
132         *pbio = btmp;
133     else if (!BIO_push(*pbio, btmp)) {
134         ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
135         goto err;
136     }
137     btmp = NULL;
138 
139     return 1;
140 
141  err:
142     BIO_free(btmp);
143     return 0;
144 }
145 
pkcs7_encode_rinfo(PKCS7_RECIP_INFO * ri,unsigned char * key,int keylen)146 static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
147                               unsigned char *key, int keylen)
148 {
149     EVP_PKEY_CTX *pctx = NULL;
150     EVP_PKEY *pkey = NULL;
151     unsigned char *ek = NULL;
152     int ret = 0;
153     size_t eklen;
154     const PKCS7_CTX *ctx = ri->ctx;
155 
156     pkey = X509_get0_pubkey(ri->cert);
157     if (pkey == NULL)
158         return 0;
159 
160     pctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx), pkey,
161                                       ossl_pkcs7_ctx_get0_propq(ctx));
162     if (pctx == NULL)
163         return 0;
164 
165     if (EVP_PKEY_encrypt_init(pctx) <= 0)
166         goto err;
167 
168     if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
169         goto err;
170 
171     ek = OPENSSL_malloc(eklen);
172     if (ek == NULL)
173         goto err;
174 
175     if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
176         goto err;
177 
178     ASN1_STRING_set0(ri->enc_key, ek, eklen);
179     ek = NULL;
180 
181     ret = 1;
182 
183  err:
184     EVP_PKEY_CTX_free(pctx);
185     OPENSSL_free(ek);
186     return ret;
187 
188 }
189 
pkcs7_decrypt_rinfo(unsigned char ** pek,int * peklen,PKCS7_RECIP_INFO * ri,EVP_PKEY * pkey,size_t fixlen)190 static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
191                                PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey,
192                                size_t fixlen)
193 {
194     EVP_PKEY_CTX *pctx = NULL;
195     unsigned char *ek = NULL;
196     size_t eklen;
197     int ret = -1;
198     const PKCS7_CTX *ctx = ri->ctx;
199 
200     pctx = EVP_PKEY_CTX_new_from_pkey(ossl_pkcs7_ctx_get0_libctx(ctx), pkey,
201                                       ossl_pkcs7_ctx_get0_propq(ctx));
202     if (pctx == NULL)
203         return -1;
204 
205     if (EVP_PKEY_decrypt_init(pctx) <= 0)
206         goto err;
207 
208     if (EVP_PKEY_is_a(pkey, "RSA"))
209         /* upper layer pkcs7 code incorrectly assumes that a successful RSA
210          * decryption means that the key matches ciphertext (which never
211          * was the case, implicit rejection or not), so to make it work
212          * disable implicit rejection for RSA keys */
213         EVP_PKEY_CTX_ctrl_str(pctx, "rsa_pkcs1_implicit_rejection", "0");
214 
215     ret = evp_pkey_decrypt_alloc(pctx, &ek, &eklen, fixlen,
216                                  ri->enc_key->data, ri->enc_key->length);
217     if (ret <= 0)
218         goto err;
219 
220     ret = 1;
221 
222     OPENSSL_clear_free(*pek, *peklen);
223     *pek = ek;
224     *peklen = eklen;
225 
226  err:
227     EVP_PKEY_CTX_free(pctx);
228     if (!ret)
229         OPENSSL_free(ek);
230 
231     return ret;
232 }
233 
PKCS7_dataInit(PKCS7 * p7,BIO * bio)234 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
235 {
236     int i;
237     BIO *out = NULL, *btmp = NULL;
238     X509_ALGOR *xa = NULL;
239     EVP_CIPHER *fetched_cipher = NULL;
240     const EVP_CIPHER *cipher;
241     const EVP_CIPHER *evp_cipher = NULL;
242     STACK_OF(X509_ALGOR) *md_sk = NULL;
243     STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
244     X509_ALGOR *xalg = NULL;
245     PKCS7_RECIP_INFO *ri = NULL;
246     ASN1_OCTET_STRING *os = NULL;
247     const PKCS7_CTX *p7_ctx;
248     OSSL_LIB_CTX *libctx;
249     const char *propq;
250 
251     if (p7 == NULL) {
252         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
253         return NULL;
254     }
255     p7_ctx = ossl_pkcs7_get0_ctx(p7);
256     libctx = ossl_pkcs7_ctx_get0_libctx(p7_ctx);
257     propq = ossl_pkcs7_ctx_get0_propq(p7_ctx);
258 
259     /*
260      * The content field in the PKCS7 ContentInfo is optional, but that really
261      * only applies to inner content (precisely, detached signatures).
262      *
263      * When reading content, missing outer content is therefore treated as an
264      * error.
265      *
266      * When creating content, PKCS7_content_new() must be called before
267      * calling this method, so a NULL p7->d is always an error.
268      */
269     if (p7->d.ptr == NULL) {
270         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
271         return NULL;
272     }
273 
274     i = OBJ_obj2nid(p7->type);
275     p7->state = PKCS7_S_HEADER;
276 
277     switch (i) {
278     case NID_pkcs7_signed:
279         md_sk = p7->d.sign->md_algs;
280         os = pkcs7_get1_data(p7->d.sign->contents);
281         break;
282     case NID_pkcs7_signedAndEnveloped:
283         rsk = p7->d.signed_and_enveloped->recipientinfo;
284         md_sk = p7->d.signed_and_enveloped->md_algs;
285         xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
286         evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
287         if (evp_cipher == NULL) {
288             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED);
289             goto err;
290         }
291         break;
292     case NID_pkcs7_enveloped:
293         rsk = p7->d.enveloped->recipientinfo;
294         xalg = p7->d.enveloped->enc_data->algorithm;
295         evp_cipher = p7->d.enveloped->enc_data->cipher;
296         if (evp_cipher == NULL) {
297             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_CIPHER_NOT_INITIALIZED);
298             goto err;
299         }
300         break;
301     case NID_pkcs7_digest:
302         xa = p7->d.digest->md;
303         os = pkcs7_get1_data(p7->d.digest->contents);
304         break;
305     case NID_pkcs7_data:
306         break;
307     default:
308         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
309         goto err;
310     }
311 
312     for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
313         if (!pkcs7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i), p7_ctx))
314             goto err;
315 
316     if (xa && !pkcs7_bio_add_digest(&out, xa, p7_ctx))
317         goto err;
318 
319     if (evp_cipher != NULL) {
320         unsigned char key[EVP_MAX_KEY_LENGTH];
321         unsigned char iv[EVP_MAX_IV_LENGTH];
322         int keylen, ivlen;
323         EVP_CIPHER_CTX *ctx;
324 
325         if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
326             ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
327             goto err;
328         }
329         BIO_get_cipher_ctx(btmp, &ctx);
330         keylen = EVP_CIPHER_get_key_length(evp_cipher);
331         ivlen = EVP_CIPHER_get_iv_length(evp_cipher);
332         xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_get_type(evp_cipher));
333         if (ivlen > 0)
334             if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0)
335                 goto err;
336 
337         (void)ERR_set_mark();
338         fetched_cipher = EVP_CIPHER_fetch(libctx,
339                                           EVP_CIPHER_get0_name(evp_cipher),
340                                           propq);
341         (void)ERR_pop_to_mark();
342         if (fetched_cipher != NULL)
343             cipher = fetched_cipher;
344         else
345             cipher = evp_cipher;
346 
347         if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, 1) <= 0)
348             goto err;
349 
350         EVP_CIPHER_free(fetched_cipher);
351         fetched_cipher = NULL;
352 
353         if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
354             goto err;
355         if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
356             goto err;
357 
358         if (ivlen > 0) {
359             if (xalg->parameter == NULL) {
360                 xalg->parameter = ASN1_TYPE_new();
361                 if (xalg->parameter == NULL)
362                     goto err;
363             }
364             if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0)
365                 goto err;
366         }
367 
368         /* Lets do the pub key stuff :-) */
369         for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
370             ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
371             if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
372                 goto err;
373         }
374         OPENSSL_cleanse(key, keylen);
375 
376         if (out == NULL)
377             out = btmp;
378         else
379             BIO_push(out, btmp);
380         btmp = NULL;
381     }
382 
383     if (bio == NULL) {
384         if (PKCS7_is_detached(p7)) {
385             bio = BIO_new(BIO_s_null());
386         } else if (os != NULL && os->length > 0) {
387             /*
388              * bio needs a copy of os->data instead of a pointer because
389              * the data will be used after os has been freed
390              */
391             bio = BIO_new(BIO_s_mem());
392             if (bio != NULL) {
393                 BIO_set_mem_eof_return(bio, 0);
394                 if (BIO_write(bio, os->data, os->length) != os->length) {
395                     BIO_free_all(bio);
396                     bio = NULL;
397                 }
398             }
399         } else {
400             bio = BIO_new(BIO_s_mem());
401             if (bio == NULL)
402                 goto err;
403             BIO_set_mem_eof_return(bio, 0);
404         }
405         if (bio == NULL)
406             goto err;
407     }
408     if (out)
409         BIO_push(out, bio);
410     else
411         out = bio;
412 
413     ASN1_OCTET_STRING_free(os);
414     return out;
415 
416  err:
417     ASN1_OCTET_STRING_free(os);
418     EVP_CIPHER_free(fetched_cipher);
419     BIO_free_all(out);
420     BIO_free_all(btmp);
421     return NULL;
422 }
423 
pkcs7_cmp_ri(PKCS7_RECIP_INFO * ri,X509 * pcert)424 static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
425 {
426     int ret;
427     ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
428                         X509_get_issuer_name(pcert));
429     if (ret)
430         return ret;
431     return ASN1_INTEGER_cmp(X509_get0_serialNumber(pcert),
432                             ri->issuer_and_serial->serial);
433 }
434 
435 /* int */
PKCS7_dataDecode(PKCS7 * p7,EVP_PKEY * pkey,BIO * in_bio,X509 * pcert)436 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
437 {
438     int i, len;
439     BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
440     X509_ALGOR *xa;
441     ASN1_OCTET_STRING *data_body = NULL;
442     EVP_MD *evp_md = NULL;
443     const EVP_MD *md;
444     EVP_CIPHER *evp_cipher = NULL;
445     const EVP_CIPHER *cipher = NULL;
446     EVP_CIPHER_CTX *evp_ctx = NULL;
447     X509_ALGOR *enc_alg = NULL;
448     STACK_OF(X509_ALGOR) *md_sk = NULL;
449     STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
450     PKCS7_RECIP_INFO *ri = NULL;
451     unsigned char *ek = NULL, *tkey = NULL;
452     int eklen = 0, tkeylen = 0;
453     char name[OSSL_MAX_NAME_SIZE];
454     const PKCS7_CTX *p7_ctx;
455     OSSL_LIB_CTX *libctx;
456     const char *propq;
457 
458     if (p7 == NULL) {
459         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
460         return NULL;
461     }
462 
463     p7_ctx = ossl_pkcs7_get0_ctx(p7);
464     libctx = ossl_pkcs7_ctx_get0_libctx(p7_ctx);
465     propq = ossl_pkcs7_ctx_get0_propq(p7_ctx);
466 
467     if (p7->d.ptr == NULL) {
468         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
469         return NULL;
470     }
471 
472     i = OBJ_obj2nid(p7->type);
473     p7->state = PKCS7_S_HEADER;
474 
475     switch (i) {
476     case NID_pkcs7_signed:
477         /*
478          * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
479          * field and optional content.
480          * data_body is NULL if that structure has no (=detached) content
481          * or if the contentType is wrong (i.e., not "data").
482          */
483         data_body = PKCS7_get_octet_string(p7->d.sign->contents);
484         if (!PKCS7_is_detached(p7) && data_body == NULL) {
485             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_SIGNED_DATA_TYPE);
486             goto err;
487         }
488         md_sk = p7->d.sign->md_algs;
489         break;
490     case NID_pkcs7_signedAndEnveloped:
491         rsk = p7->d.signed_and_enveloped->recipientinfo;
492         md_sk = p7->d.signed_and_enveloped->md_algs;
493         /* data_body is NULL if the optional EncryptedContent is missing. */
494         data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
495         enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
496 
497         OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
498 
499         (void)ERR_set_mark();
500         evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
501         if (evp_cipher != NULL)
502             cipher = evp_cipher;
503         else
504             cipher = EVP_get_cipherbyname(name);
505 
506         if (cipher == NULL) {
507             (void)ERR_clear_last_mark();
508             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
509             goto err;
510         }
511         (void)ERR_pop_to_mark();
512         break;
513     case NID_pkcs7_enveloped:
514         rsk = p7->d.enveloped->recipientinfo;
515         enc_alg = p7->d.enveloped->enc_data->algorithm;
516         /* data_body is NULL if the optional EncryptedContent is missing. */
517         data_body = p7->d.enveloped->enc_data->enc_data;
518         OBJ_obj2txt(name, sizeof(name), enc_alg->algorithm, 0);
519 
520         (void)ERR_set_mark();
521         evp_cipher = EVP_CIPHER_fetch(libctx, name, propq);
522         if (evp_cipher != NULL)
523             cipher = evp_cipher;
524         else
525             cipher = EVP_get_cipherbyname(name);
526 
527         if (cipher == NULL) {
528             (void)ERR_clear_last_mark();
529             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
530             goto err;
531         }
532         (void)ERR_pop_to_mark();
533         break;
534     default:
535         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
536         goto err;
537     }
538 
539     /* Detached content must be supplied via in_bio instead. */
540     if (data_body == NULL && in_bio == NULL) {
541         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
542         goto err;
543     }
544 
545     /* We will be checking the signature */
546     if (md_sk != NULL) {
547         for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
548             xa = sk_X509_ALGOR_value(md_sk, i);
549             if ((btmp = BIO_new(BIO_f_md())) == NULL) {
550                 ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
551                 goto err;
552             }
553 
554             OBJ_obj2txt(name, sizeof(name), xa->algorithm, 0);
555 
556             (void)ERR_set_mark();
557             evp_md = EVP_MD_fetch(libctx, name, propq);
558             if (evp_md != NULL)
559                 md = evp_md;
560             else
561                 md = EVP_get_digestbyname(name);
562 
563             if (md == NULL) {
564                 (void)ERR_clear_last_mark();
565                 ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNKNOWN_DIGEST_TYPE);
566                 goto err;
567             }
568             (void)ERR_pop_to_mark();
569 
570             if (BIO_set_md(btmp, md) <= 0) {
571                 EVP_MD_free(evp_md);
572                 ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
573                 goto err;
574             }
575             EVP_MD_free(evp_md);
576             if (out == NULL)
577                 out = btmp;
578             else
579                 BIO_push(out, btmp);
580             btmp = NULL;
581         }
582     }
583 
584     if (cipher != NULL) {
585         if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
586             ERR_raise(ERR_LIB_PKCS7, ERR_R_BIO_LIB);
587             goto err;
588         }
589 
590         /*
591          * It was encrypted, we need to decrypt the secret key with the
592          * private key
593          */
594 
595         /*
596          * Find the recipientInfo which matches the passed certificate (if
597          * any)
598          */
599 
600         if (pcert) {
601             for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
602                 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
603                 if (!pkcs7_cmp_ri(ri, pcert))
604                     break;
605                 ri = NULL;
606             }
607             if (ri == NULL) {
608                 ERR_raise(ERR_LIB_PKCS7,
609                           PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
610                 goto err;
611             }
612         }
613 
614         /* If we haven't got a certificate try each ri in turn */
615         if (pcert == NULL) {
616             /*
617              * Always attempt to decrypt all rinfo even after success as a
618              * defence against MMA timing attacks.
619              */
620             for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
621                 ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
622                 ri->ctx = p7_ctx;
623                 if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey,
624                         EVP_CIPHER_get_key_length(cipher)) < 0)
625                     goto err;
626                 ERR_clear_error();
627             }
628         } else {
629             ri->ctx = p7_ctx;
630             /* Only exit on fatal errors, not decrypt failure */
631             if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0)
632                 goto err;
633             ERR_clear_error();
634         }
635 
636         evp_ctx = NULL;
637         BIO_get_cipher_ctx(etmp, &evp_ctx);
638         if (EVP_CipherInit_ex(evp_ctx, cipher, NULL, NULL, NULL, 0) <= 0)
639             goto err;
640         if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) <= 0)
641             goto err;
642         /* Generate random key as MMA defence */
643         len = EVP_CIPHER_CTX_get_key_length(evp_ctx);
644         if (len <= 0)
645             goto err;
646         tkeylen = (size_t)len;
647         tkey = OPENSSL_malloc(tkeylen);
648         if (tkey == NULL)
649             goto err;
650         if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
651             goto err;
652         if (ek == NULL) {
653             ek = tkey;
654             eklen = tkeylen;
655             tkey = NULL;
656         }
657 
658         if (eklen != EVP_CIPHER_CTX_get_key_length(evp_ctx)) {
659             /*
660              * Some S/MIME clients don't use the same key and effective key
661              * length. The key length is determined by the size of the
662              * decrypted RSA key.
663              */
664             if (EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen) <= 0) {
665                 /* Use random key as MMA defence */
666                 OPENSSL_clear_free(ek, eklen);
667                 ek = tkey;
668                 eklen = tkeylen;
669                 tkey = NULL;
670             }
671         }
672         /* Clear errors so we don't leak information useful in MMA */
673         ERR_clear_error();
674         if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
675             goto err;
676 
677         OPENSSL_clear_free(ek, eklen);
678         ek = NULL;
679         OPENSSL_clear_free(tkey, tkeylen);
680         tkey = NULL;
681 
682         if (out == NULL)
683             out = etmp;
684         else
685             BIO_push(out, etmp);
686         etmp = NULL;
687     }
688     if (in_bio != NULL) {
689         bio = in_bio;
690     } else {
691         if (data_body->length > 0)
692             bio = BIO_new_mem_buf(data_body->data, data_body->length);
693         else {
694             bio = BIO_new(BIO_s_mem());
695             if (bio == NULL)
696                 goto err;
697             BIO_set_mem_eof_return(bio, 0);
698         }
699         if (bio == NULL)
700             goto err;
701     }
702     BIO_push(out, bio);
703     bio = NULL;
704     EVP_CIPHER_free(evp_cipher);
705     return out;
706 
707  err:
708     EVP_CIPHER_free(evp_cipher);
709     OPENSSL_clear_free(ek, eklen);
710     OPENSSL_clear_free(tkey, tkeylen);
711     BIO_free_all(out);
712     BIO_free_all(btmp);
713     BIO_free_all(etmp);
714     BIO_free_all(bio);
715     return NULL;
716 }
717 
PKCS7_find_digest(EVP_MD_CTX ** pmd,BIO * bio,int nid)718 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
719 {
720     for (;;) {
721         bio = BIO_find_type(bio, BIO_TYPE_MD);
722         if (bio == NULL) {
723             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
724             return NULL;
725         }
726         BIO_get_md_ctx(bio, pmd);
727         if (*pmd == NULL) {
728             ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
729             return NULL;
730         }
731         if (EVP_MD_CTX_get_type(*pmd) == nid)
732             return bio;
733         bio = BIO_next(bio);
734     }
735     return NULL;
736 }
737 
do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO * si,EVP_MD_CTX * mctx)738 static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
739 {
740     unsigned char md_data[EVP_MAX_MD_SIZE];
741     unsigned int md_len;
742 
743     /* Add signing time if not already present */
744     if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
745         if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
746             ERR_raise(ERR_LIB_PKCS7, ERR_R_PKCS7_LIB);
747             return 0;
748         }
749     }
750 
751     /* Add digest */
752     if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
753         ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
754         return 0;
755     }
756     if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
757         ERR_raise(ERR_LIB_PKCS7, ERR_R_PKCS7_LIB);
758         return 0;
759     }
760 
761     /* Now sign the attributes */
762     if (!PKCS7_SIGNER_INFO_sign(si))
763         return 0;
764 
765     return 1;
766 }
767 
PKCS7_dataFinal(PKCS7 * p7,BIO * bio)768 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
769 {
770     int ret = 0;
771     int i, j;
772     BIO *btmp;
773     PKCS7_SIGNER_INFO *si;
774     EVP_MD_CTX *mdc, *ctx_tmp;
775     STACK_OF(X509_ATTRIBUTE) *sk;
776     STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
777     ASN1_OCTET_STRING *os = NULL;
778     const PKCS7_CTX *p7_ctx;
779 
780     if (p7 == NULL) {
781         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
782         return 0;
783     }
784 
785     p7_ctx = ossl_pkcs7_get0_ctx(p7);
786 
787     if (p7->d.ptr == NULL) {
788         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
789         return 0;
790     }
791 
792     ctx_tmp = EVP_MD_CTX_new();
793     if (ctx_tmp == NULL) {
794         ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
795         return 0;
796     }
797 
798     i = OBJ_obj2nid(p7->type);
799     p7->state = PKCS7_S_HEADER;
800 
801     switch (i) {
802     case NID_pkcs7_data:
803         os = p7->d.data;
804         break;
805     case NID_pkcs7_signedAndEnveloped:
806         /* XXXXXXXXXXXXXXXX */
807         si_sk = p7->d.signed_and_enveloped->signer_info;
808         os = p7->d.signed_and_enveloped->enc_data->enc_data;
809         if (os == NULL) {
810             os = ASN1_OCTET_STRING_new();
811             if (os == NULL) {
812                 ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
813                 goto err;
814             }
815             p7->d.signed_and_enveloped->enc_data->enc_data = os;
816         }
817         break;
818     case NID_pkcs7_enveloped:
819         /* XXXXXXXXXXXXXXXX */
820         os = p7->d.enveloped->enc_data->enc_data;
821         if (os == NULL) {
822             os = ASN1_OCTET_STRING_new();
823             if (os == NULL) {
824                 ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
825                 goto err;
826             }
827             p7->d.enveloped->enc_data->enc_data = os;
828         }
829         break;
830     case NID_pkcs7_signed:
831         si_sk = p7->d.sign->signer_info;
832         os = PKCS7_get_octet_string(p7->d.sign->contents);
833         /* If detached data then the content is excluded */
834         if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
835             ASN1_OCTET_STRING_free(os);
836             os = NULL;
837             p7->d.sign->contents->d.data = NULL;
838         }
839         break;
840 
841     case NID_pkcs7_digest:
842         os = PKCS7_get_octet_string(p7->d.digest->contents);
843         /* If detached data then the content is excluded */
844         if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
845             ASN1_OCTET_STRING_free(os);
846             os = NULL;
847             p7->d.digest->contents->d.data = NULL;
848         }
849         break;
850 
851     default:
852         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
853         goto err;
854     }
855 
856     if (si_sk != NULL) {
857         for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
858             si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
859             if (si->pkey == NULL)
860                 continue;
861 
862             j = OBJ_obj2nid(si->digest_alg->algorithm);
863 
864             btmp = bio;
865 
866             btmp = PKCS7_find_digest(&mdc, btmp, j);
867 
868             if (btmp == NULL)
869                 goto err;
870 
871             /*
872              * We now have the EVP_MD_CTX, lets do the signing.
873              */
874             if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
875                 goto err;
876 
877             sk = si->auth_attr;
878 
879             /*
880              * If there are attributes, we add the digest attribute and only
881              * sign the attributes
882              */
883             if (sk_X509_ATTRIBUTE_num(sk) > 0) {
884                 if (!do_pkcs7_signed_attrib(si, ctx_tmp))
885                     goto err;
886             } else {
887                 unsigned char *abuf = NULL;
888                 unsigned int abuflen = EVP_PKEY_get_size(si->pkey);
889 
890                 if (abuflen == 0 || (abuf = OPENSSL_malloc(abuflen)) == NULL)
891                     goto err;
892 
893                 if (!EVP_SignFinal_ex(ctx_tmp, abuf, &abuflen, si->pkey,
894                                       ossl_pkcs7_ctx_get0_libctx(p7_ctx),
895                                       ossl_pkcs7_ctx_get0_propq(p7_ctx))) {
896                     OPENSSL_free(abuf);
897                     ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
898                     goto err;
899                 }
900                 ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
901             }
902         }
903     } else if (i == NID_pkcs7_digest) {
904         unsigned char md_data[EVP_MAX_MD_SIZE];
905         unsigned int md_len;
906         if (!PKCS7_find_digest(&mdc, bio,
907                                OBJ_obj2nid(p7->d.digest->md->algorithm)))
908             goto err;
909         if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
910             goto err;
911         if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
912             goto err;
913     }
914 
915     if (!PKCS7_is_detached(p7)) {
916         /*
917          * NOTE(emilia): I think we only reach os == NULL here because detached
918          * digested data support is broken.
919          */
920         if (os == NULL)
921             goto err;
922         if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
923             char *cont;
924             long contlen;
925             btmp = BIO_find_type(bio, BIO_TYPE_MEM);
926             if (btmp == NULL) {
927                 ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
928                 goto err;
929             }
930             contlen = BIO_get_mem_data(btmp, &cont);
931             /*
932              * Mark the BIO read only then we can use its copy of the data
933              * instead of making an extra copy.
934              */
935             BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
936             BIO_set_mem_eof_return(btmp, 0);
937             ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
938         }
939     }
940     ret = 1;
941  err:
942     EVP_MD_CTX_free(ctx_tmp);
943     return ret;
944 }
945 
PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO * si)946 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
947 {
948     EVP_MD_CTX *mctx;
949     EVP_PKEY_CTX *pctx = NULL;
950     unsigned char *abuf = NULL;
951     int alen;
952     size_t siglen;
953     const EVP_MD *md = NULL;
954     const PKCS7_CTX *ctx = si->ctx;
955 
956     md = EVP_get_digestbyobj(si->digest_alg->algorithm);
957     if (md == NULL)
958         return 0;
959 
960     mctx = EVP_MD_CTX_new();
961     if (mctx == NULL) {
962         ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
963         goto err;
964     }
965 
966     if (EVP_DigestSignInit_ex(mctx, &pctx, EVP_MD_get0_name(md),
967                               ossl_pkcs7_ctx_get0_libctx(ctx),
968                               ossl_pkcs7_ctx_get0_propq(ctx), si->pkey,
969                               NULL) <= 0)
970         goto err;
971 
972     alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
973                          ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
974     if (alen < 0 || abuf == NULL)
975         goto err;
976     if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
977         goto err;
978     OPENSSL_free(abuf);
979     abuf = NULL;
980     if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
981         goto err;
982     abuf = OPENSSL_malloc(siglen);
983     if (abuf == NULL)
984         goto err;
985     if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
986         goto err;
987 
988     EVP_MD_CTX_free(mctx);
989 
990     ASN1_STRING_set0(si->enc_digest, abuf, siglen);
991 
992     return 1;
993 
994  err:
995     OPENSSL_free(abuf);
996     EVP_MD_CTX_free(mctx);
997     return 0;
998 }
999 
1000 /* This partly overlaps with PKCS7_verify(). It does not support flags. */
PKCS7_dataVerify(X509_STORE * cert_store,X509_STORE_CTX * ctx,BIO * bio,PKCS7 * p7,PKCS7_SIGNER_INFO * si)1001 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
1002                      PKCS7 *p7, PKCS7_SIGNER_INFO *si)
1003 {
1004     PKCS7_ISSUER_AND_SERIAL *ias;
1005     int ret = 0, i;
1006     STACK_OF(X509) *untrusted;
1007     STACK_OF(X509_CRL) *crls;
1008     X509 *signer;
1009 
1010     if (p7 == NULL) {
1011         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_INVALID_NULL_POINTER);
1012         return 0;
1013     }
1014 
1015     if (p7->d.ptr == NULL) {
1016         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT);
1017         return 0;
1018     }
1019 
1020     if (PKCS7_type_is_signed(p7)) {
1021         untrusted = p7->d.sign->cert;
1022         crls = p7->d.sign->crl;
1023     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
1024         untrusted = p7->d.signed_and_enveloped->cert;
1025         crls = p7->d.signed_and_enveloped->crl;
1026     } else {
1027         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE);
1028         goto err;
1029     }
1030     X509_STORE_CTX_set0_crls(ctx, crls);
1031 
1032     /* XXXXXXXXXXXXXXXXXXXXXXX */
1033     ias = si->issuer_and_serial;
1034 
1035     signer = X509_find_by_issuer_and_serial(untrusted, ias->issuer, ias->serial);
1036 
1037     /* Were we able to find the signer certificate in passed to us? */
1038     if (signer == NULL) {
1039         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
1040         goto err;
1041     }
1042 
1043     /* Lets verify */
1044     if (!X509_STORE_CTX_init(ctx, cert_store, signer, untrusted)) {
1045         ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
1046         goto err;
1047     }
1048     X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
1049     i = X509_verify_cert(ctx);
1050     if (i <= 0) {
1051         ERR_raise(ERR_LIB_PKCS7, ERR_R_X509_LIB);
1052         goto err;
1053     }
1054 
1055     return PKCS7_signatureVerify(bio, p7, si, signer);
1056  err:
1057     return ret;
1058 }
1059 
PKCS7_signatureVerify(BIO * bio,PKCS7 * p7,PKCS7_SIGNER_INFO * si,X509 * signer)1060 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
1061                           X509 *signer)
1062 {
1063     ASN1_OCTET_STRING *os;
1064     EVP_MD_CTX *mdc_tmp, *mdc;
1065     const EVP_MD *md;
1066     EVP_MD *fetched_md = NULL;
1067     int ret = 0, i;
1068     int md_type;
1069     STACK_OF(X509_ATTRIBUTE) *sk;
1070     BIO *btmp;
1071     EVP_PKEY *pkey;
1072     unsigned char *abuf = NULL;
1073     const PKCS7_CTX *ctx = ossl_pkcs7_get0_ctx(p7);
1074     OSSL_LIB_CTX *libctx = ossl_pkcs7_ctx_get0_libctx(ctx);
1075     const char *propq = ossl_pkcs7_ctx_get0_propq(ctx);
1076 
1077     mdc_tmp = EVP_MD_CTX_new();
1078     if (mdc_tmp == NULL) {
1079         ERR_raise(ERR_LIB_PKCS7, ERR_R_EVP_LIB);
1080         goto err;
1081     }
1082 
1083     if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
1084         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_WRONG_PKCS7_TYPE);
1085         goto err;
1086     }
1087 
1088     md_type = OBJ_obj2nid(si->digest_alg->algorithm);
1089 
1090     btmp = bio;
1091     for (;;) {
1092         if ((btmp == NULL) ||
1093             ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
1094             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1095             goto err;
1096         }
1097         BIO_get_md_ctx(btmp, &mdc);
1098         if (mdc == NULL) {
1099             ERR_raise(ERR_LIB_PKCS7, ERR_R_INTERNAL_ERROR);
1100             goto err;
1101         }
1102         if (EVP_MD_CTX_get_type(mdc) == md_type)
1103             break;
1104         /*
1105          * Workaround for some broken clients that put the signature OID
1106          * instead of the digest OID in digest_alg->algorithm
1107          */
1108         if (EVP_MD_get_pkey_type(EVP_MD_CTX_get0_md(mdc)) == md_type)
1109             break;
1110         btmp = BIO_next(btmp);
1111     }
1112 
1113     /*
1114      * mdc is the digest ctx that we want, unless there are attributes, in
1115      * which case the digest is the signed attributes
1116      */
1117     if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
1118         goto err;
1119 
1120     sk = si->auth_attr;
1121     if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
1122         unsigned char md_dat[EVP_MAX_MD_SIZE];
1123         unsigned int md_len;
1124         int alen;
1125         ASN1_OCTET_STRING *message_digest;
1126 
1127         if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
1128             goto err;
1129         message_digest = PKCS7_digest_from_attributes(sk);
1130         if (!message_digest) {
1131             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
1132             goto err;
1133         }
1134         if ((message_digest->length != (int)md_len) ||
1135             (memcmp(message_digest->data, md_dat, md_len))) {
1136             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_DIGEST_FAILURE);
1137             ret = -1;
1138             goto err;
1139         }
1140 
1141         (void)ERR_set_mark();
1142         fetched_md = EVP_MD_fetch(libctx, OBJ_nid2sn(md_type), propq);
1143 
1144         if (fetched_md != NULL)
1145             md = fetched_md;
1146         else
1147             md = EVP_get_digestbynid(md_type);
1148 
1149         if (md == NULL || !EVP_VerifyInit_ex(mdc_tmp, md, NULL)) {
1150             (void)ERR_clear_last_mark();
1151             goto err;
1152         }
1153         (void)ERR_pop_to_mark();
1154 
1155         alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
1156                              ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
1157         if (alen <= 0 || abuf == NULL) {
1158             ERR_raise(ERR_LIB_PKCS7, ERR_R_ASN1_LIB);
1159             ret = -1;
1160             goto err;
1161         }
1162         if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
1163             goto err;
1164     }
1165 
1166     os = si->enc_digest;
1167     pkey = X509_get0_pubkey(signer);
1168     if (pkey == NULL) {
1169         ret = -1;
1170         goto err;
1171     }
1172 
1173     i = EVP_VerifyFinal_ex(mdc_tmp, os->data, os->length, pkey, libctx, propq);
1174     if (i <= 0) {
1175         ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SIGNATURE_FAILURE);
1176         ret = -1;
1177         goto err;
1178     }
1179     ret = 1;
1180  err:
1181     OPENSSL_free(abuf);
1182     EVP_MD_CTX_free(mdc_tmp);
1183     EVP_MD_free(fetched_md);
1184     return ret;
1185 }
1186 
PKCS7_get_issuer_and_serial(PKCS7 * p7,int idx)1187 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
1188 {
1189     STACK_OF(PKCS7_RECIP_INFO) *rsk;
1190     PKCS7_RECIP_INFO *ri;
1191     int i;
1192 
1193     i = OBJ_obj2nid(p7->type);
1194     if (i != NID_pkcs7_signedAndEnveloped)
1195         return NULL;
1196     if (p7->d.signed_and_enveloped == NULL)
1197         return NULL;
1198     rsk = p7->d.signed_and_enveloped->recipientinfo;
1199     if (rsk == NULL)
1200         return NULL;
1201     if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
1202         return NULL;
1203     ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
1204     return ri->issuer_and_serial;
1205 }
1206 
PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO * si,int nid)1207 ASN1_TYPE *PKCS7_get_signed_attribute(const PKCS7_SIGNER_INFO *si, int nid)
1208 {
1209     return get_attribute(si->auth_attr, nid);
1210 }
1211 
PKCS7_get_attribute(const PKCS7_SIGNER_INFO * si,int nid)1212 ASN1_TYPE *PKCS7_get_attribute(const PKCS7_SIGNER_INFO *si, int nid)
1213 {
1214     return get_attribute(si->unauth_attr, nid);
1215 }
1216 
get_attribute(const STACK_OF (X509_ATTRIBUTE)* sk,int nid)1217 static ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk, int nid)
1218 {
1219     int idx = X509at_get_attr_by_NID(sk, nid, -1);
1220 
1221     if (idx < 0)
1222         return NULL;
1223     return X509_ATTRIBUTE_get0_type(X509at_get_attr(sk, idx), 0);
1224 }
1225 
PKCS7_digest_from_attributes(STACK_OF (X509_ATTRIBUTE)* sk)1226 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
1227 {
1228     ASN1_TYPE *astype;
1229     if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
1230         return NULL;
1231     return astype->value.octet_string;
1232 }
1233 
PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO * p7si,STACK_OF (X509_ATTRIBUTE)* sk)1234 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
1235                                 STACK_OF(X509_ATTRIBUTE) *sk)
1236 {
1237     sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
1238     p7si->auth_attr = sk_X509_ATTRIBUTE_deep_copy(sk, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free);
1239     if (p7si->auth_attr == NULL)
1240         return 0;
1241     return 1;
1242 }
1243 
PKCS7_set_attributes(PKCS7_SIGNER_INFO * p7si,STACK_OF (X509_ATTRIBUTE)* sk)1244 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
1245                          STACK_OF(X509_ATTRIBUTE) *sk)
1246 {
1247     sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
1248     p7si->unauth_attr = sk_X509_ATTRIBUTE_deep_copy(sk, X509_ATTRIBUTE_dup, X509_ATTRIBUTE_free);
1249     if (p7si->unauth_attr == NULL)
1250         return 0;
1251     return 1;
1252 }
1253 
PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO * p7si,int nid,int atrtype,void * value)1254 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
1255                                void *value)
1256 {
1257     return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
1258 }
1259 
PKCS7_add_attribute(PKCS7_SIGNER_INFO * p7si,int nid,int atrtype,void * value)1260 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
1261                         void *value)
1262 {
1263     return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
1264 }
1265 
add_attribute(STACK_OF (X509_ATTRIBUTE)** sk,int nid,int atrtype,void * value)1266 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
1267                          void *value)
1268 {
1269     X509_ATTRIBUTE *attr = NULL;
1270     int i, n;
1271 
1272     if (*sk == NULL) {
1273         if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
1274             return 0;
1275     }
1276     n = sk_X509_ATTRIBUTE_num(*sk);
1277     for (i = 0; i < n; i++) {
1278         attr = sk_X509_ATTRIBUTE_value(*sk, i);
1279         if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid)
1280             goto end;
1281     }
1282     if (!sk_X509_ATTRIBUTE_push(*sk, NULL))
1283         return 0;
1284 
1285  end:
1286     attr = X509_ATTRIBUTE_create(nid, atrtype, value);
1287     if (attr == NULL) {
1288         if (i == n)
1289             sk_X509_ATTRIBUTE_pop(*sk);
1290         return 0;
1291     }
1292     X509_ATTRIBUTE_free(sk_X509_ATTRIBUTE_value(*sk, i));
1293     (void) sk_X509_ATTRIBUTE_set(*sk, i, attr);
1294     return 1;
1295 }
1296