Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(386)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: openssl/crypto/pkcs7/pk7_doit.c

Issue 9254031: Upgrade chrome's OpenSSL to same version Android ships with. (Closed) Base URL: http://src.chromium.org/svn/trunk/deps/third_party/openssl/
Patch Set: '' Created 8 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « openssl/crypto/pkcs7/pk7_attr.c ('k') | openssl/crypto/pkcs7/pk7_lib.c » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* crypto/pkcs7/pk7_doit.c */ 1 /* crypto/pkcs7/pk7_doit.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after
131 131
132 return 1; 132 return 1;
133 133
134 err: 134 err:
135 if (btmp) 135 if (btmp)
136 BIO_free(btmp); 136 BIO_free(btmp);
137 return 0; 137 return 0;
138 138
139 } 139 }
140 140
141 static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
142 unsigned char *key, int keylen)
143 {
144 EVP_PKEY_CTX *pctx = NULL;
145 EVP_PKEY *pkey = NULL;
146 unsigned char *ek = NULL;
147 int ret = 0;
148 size_t eklen;
149
150 pkey = X509_get_pubkey(ri->cert);
151
152 if (!pkey)
153 return 0;
154
155 pctx = EVP_PKEY_CTX_new(pkey, NULL);
156 if (!pctx)
157 return 0;
158
159 if (EVP_PKEY_encrypt_init(pctx) <= 0)
160 goto err;
161
162 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
163 EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0)
164 {
165 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
166 goto err;
167 }
168
169 if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
170 goto err;
171
172 ek = OPENSSL_malloc(eklen);
173
174 if (ek == NULL)
175 {
176 PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
177 goto err;
178 }
179
180 if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
181 goto err;
182
183 ASN1_STRING_set0(ri->enc_key, ek, eklen);
184 ek = NULL;
185
186 ret = 1;
187
188 err:
189 if (pkey)
190 EVP_PKEY_free(pkey);
191 if (pctx)
192 EVP_PKEY_CTX_free(pctx);
193 if (ek)
194 OPENSSL_free(ek);
195 return ret;
196
197 }
198
199
200 static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
201 PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey)
202 {
203 EVP_PKEY_CTX *pctx = NULL;
204 unsigned char *ek = NULL;
205 size_t eklen;
206
207 int ret = 0;
208
209 pctx = EVP_PKEY_CTX_new(pkey, NULL);
210 if (!pctx)
211 return 0;
212
213 if (EVP_PKEY_decrypt_init(pctx) <= 0)
214 goto err;
215
216 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
217 EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0)
218 {
219 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
220 goto err;
221 }
222
223 if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
224 ri->enc_key->data, ri->enc_key->length) <= 0)
225 goto err;
226
227 ek = OPENSSL_malloc(eklen);
228
229 if (ek == NULL)
230 {
231 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
232 goto err;
233 }
234
235 if (EVP_PKEY_decrypt(pctx, ek, &eklen,
236 ri->enc_key->data, ri->enc_key->length) <= 0)
237 {
238 PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
239 goto err;
240 }
241
242 ret = 1;
243
244 *pek = ek;
245 *peklen = eklen;
246
247 err:
248 if (pctx)
249 EVP_PKEY_CTX_free(pctx);
250 if (!ret && ek)
251 OPENSSL_free(ek);
252
253 return ret;
254 }
255
141 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) 256 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
142 { 257 {
143 int i; 258 int i;
144 BIO *out=NULL,*btmp=NULL; 259 BIO *out=NULL,*btmp=NULL;
145 X509_ALGOR *xa = NULL; 260 X509_ALGOR *xa = NULL;
146 const EVP_CIPHER *evp_cipher=NULL; 261 const EVP_CIPHER *evp_cipher=NULL;
147 STACK_OF(X509_ALGOR) *md_sk=NULL; 262 STACK_OF(X509_ALGOR) *md_sk=NULL;
148 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 263 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
149 X509_ALGOR *xalg=NULL; 264 X509_ALGOR *xalg=NULL;
150 PKCS7_RECIP_INFO *ri=NULL; 265 PKCS7_RECIP_INFO *ri=NULL;
151 EVP_PKEY *pkey;
152 ASN1_OCTET_STRING *os=NULL; 266 ASN1_OCTET_STRING *os=NULL;
153 267
154 i=OBJ_obj2nid(p7->type); 268 i=OBJ_obj2nid(p7->type);
155 p7->state=PKCS7_S_HEADER; 269 p7->state=PKCS7_S_HEADER;
156 270
157 switch (i) 271 switch (i)
158 { 272 {
159 case NID_pkcs7_signed: 273 case NID_pkcs7_signed:
160 md_sk=p7->d.sign->md_algs; 274 md_sk=p7->d.sign->md_algs;
161 os = PKCS7_get_octet_string(p7->d.sign->contents); 275 os = PKCS7_get_octet_string(p7->d.sign->contents);
(...skipping 18 matching lines...) Expand all
180 { 294 {
181 PKCS7err(PKCS7_F_PKCS7_DATAINIT, 295 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
182 PKCS7_R_CIPHER_NOT_INITIALIZED); 296 PKCS7_R_CIPHER_NOT_INITIALIZED);
183 goto err; 297 goto err;
184 } 298 }
185 break; 299 break;
186 case NID_pkcs7_digest: 300 case NID_pkcs7_digest:
187 xa = p7->d.digest->md; 301 xa = p7->d.digest->md;
188 os = PKCS7_get_octet_string(p7->d.digest->contents); 302 os = PKCS7_get_octet_string(p7->d.digest->contents);
189 break; 303 break;
304 case NID_pkcs7_data:
305 break;
190 default: 306 default:
191 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE ); 307 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE );
192 goto err; 308 goto err;
193 } 309 }
194 310
195 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 311 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
196 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i))) 312 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
197 goto err; 313 goto err;
198 314
199 if (xa && !PKCS7_bio_add_digest(&out, xa)) 315 if (xa && !PKCS7_bio_add_digest(&out, xa))
200 goto err; 316 goto err;
201 317
202 if (evp_cipher != NULL) 318 if (evp_cipher != NULL)
203 { 319 {
204 unsigned char key[EVP_MAX_KEY_LENGTH]; 320 unsigned char key[EVP_MAX_KEY_LENGTH];
205 unsigned char iv[EVP_MAX_IV_LENGTH]; 321 unsigned char iv[EVP_MAX_IV_LENGTH];
206 int keylen,ivlen; 322 int keylen,ivlen;
207 int jj,max;
208 unsigned char *tmp;
209 EVP_CIPHER_CTX *ctx; 323 EVP_CIPHER_CTX *ctx;
210 324
211 if ((btmp=BIO_new(BIO_f_cipher())) == NULL) 325 if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
212 { 326 {
213 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); 327 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
214 goto err; 328 goto err;
215 } 329 }
216 BIO_get_cipher_ctx(btmp, &ctx); 330 BIO_get_cipher_ctx(btmp, &ctx);
217 keylen=EVP_CIPHER_key_length(evp_cipher); 331 keylen=EVP_CIPHER_key_length(evp_cipher);
218 ivlen=EVP_CIPHER_iv_length(evp_cipher); 332 ivlen=EVP_CIPHER_iv_length(evp_cipher);
219 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); 333 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
220 if (ivlen > 0) 334 if (ivlen > 0)
221 if (RAND_pseudo_bytes(iv,ivlen) <= 0) 335 if (RAND_pseudo_bytes(iv,ivlen) <= 0)
222 goto err; 336 goto err;
223 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0) 337 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
224 goto err; 338 goto err;
225 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0) 339 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
226 goto err; 340 goto err;
227 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0) 341 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
228 goto err; 342 goto err;
229 343
230 if (ivlen > 0) { 344 if (ivlen > 0) {
231 if (xalg->parameter == NULL) { 345 if (xalg->parameter == NULL) {
232 xalg->parameter = ASN1_TYPE_new(); 346 xalg->parameter = ASN1_TYPE_new();
233 if (xalg->parameter == NULL) 347 if (xalg->parameter == NULL)
234 goto err; 348 goto err;
235 } 349 }
236 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) 350 if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
237 » » » goto err; 351 » » » » goto err;
238 } 352 }
239 353
240 /* Lets do the pub key stuff :-) */ 354 /* Lets do the pub key stuff :-) */
241 max=0;
242 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 355 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
243 { 356 {
244 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 357 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
245 » » » if (ri->cert == NULL) 358 » » » if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
246 » » » » {
247 » » » » PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_ CERIPEND_INFO);
248 goto err; 359 goto err;
249 }
250 if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
251 goto err;
252 jj=EVP_PKEY_size(pkey);
253 EVP_PKEY_free(pkey);
254 if (max < jj) max=jj;
255 } 360 }
256 if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
257 {
258 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
259 goto err;
260 }
261 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
262 {
263 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
264 if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
265 goto err;
266 jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
267 EVP_PKEY_free(pkey);
268 if (jj <= 0)
269 {
270 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
271 OPENSSL_free(tmp);
272 goto err;
273 }
274 if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
275 {
276 PKCS7err(PKCS7_F_PKCS7_DATAINIT,
277 ERR_R_MALLOC_FAILURE);
278 OPENSSL_free(tmp);
279 goto err;
280 }
281 }
282 OPENSSL_free(tmp);
283 OPENSSL_cleanse(key, keylen); 361 OPENSSL_cleanse(key, keylen);
284 362
285 if (out == NULL) 363 if (out == NULL)
286 out=btmp; 364 out=btmp;
287 else 365 else
288 BIO_push(out,btmp); 366 BIO_push(out,btmp);
289 btmp=NULL; 367 btmp=NULL;
290 } 368 }
291 369
292 if (bio == NULL) 370 if (bio == NULL)
293 { 371 {
294 if (PKCS7_is_detached(p7)) 372 if (PKCS7_is_detached(p7))
295 bio=BIO_new(BIO_s_null()); 373 bio=BIO_new(BIO_s_null());
296 else if (os && os->length > 0) 374 else if (os && os->length > 0)
297 bio = BIO_new_mem_buf(os->data, os->length); 375 bio = BIO_new_mem_buf(os->data, os->length);
298 if(bio == NULL) 376 if(bio == NULL)
299 { 377 {
300 bio=BIO_new(BIO_s_mem()); 378 bio=BIO_new(BIO_s_mem());
301 if (bio == NULL) 379 if (bio == NULL)
302 goto err; 380 goto err;
303 BIO_set_mem_eof_return(bio,0); 381 BIO_set_mem_eof_return(bio,0);
304 } 382 }
305 } 383 }
306 » BIO_push(out,bio); 384 » if (out)
385 » » BIO_push(out,bio);
386 » else
387 » » out = bio;
307 bio=NULL; 388 bio=NULL;
308 if (0) 389 if (0)
309 { 390 {
310 err: 391 err:
311 if (out != NULL) 392 if (out != NULL)
312 BIO_free_all(out); 393 BIO_free_all(out);
313 if (btmp != NULL) 394 if (btmp != NULL)
314 BIO_free_all(btmp); 395 BIO_free_all(btmp);
315 out=NULL; 396 out=NULL;
316 } 397 }
317 return(out); 398 return(out);
318 } 399 }
319 400
320 static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert) 401 static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
321 { 402 {
322 int ret; 403 int ret;
323 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer, 404 ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
324 pcert->cert_info->issuer); 405 pcert->cert_info->issuer);
325 if (ret) 406 if (ret)
326 return ret; 407 return ret;
327 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, 408 return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
328 ri->issuer_and_serial->serial); 409 ri->issuer_and_serial->serial);
329 } 410 }
330 411
331 /* int */ 412 /* int */
332 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) 413 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
333 { 414 {
334 int i,j; 415 int i,j;
335 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; 416 BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
336 unsigned char *tmp=NULL;
337 X509_ALGOR *xa; 417 X509_ALGOR *xa;
338 ASN1_OCTET_STRING *data_body=NULL; 418 ASN1_OCTET_STRING *data_body=NULL;
339 const EVP_MD *evp_md; 419 const EVP_MD *evp_md;
340 const EVP_CIPHER *evp_cipher=NULL; 420 const EVP_CIPHER *evp_cipher=NULL;
341 EVP_CIPHER_CTX *evp_ctx=NULL; 421 EVP_CIPHER_CTX *evp_ctx=NULL;
342 X509_ALGOR *enc_alg=NULL; 422 X509_ALGOR *enc_alg=NULL;
343 STACK_OF(X509_ALGOR) *md_sk=NULL; 423 STACK_OF(X509_ALGOR) *md_sk=NULL;
344 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; 424 STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
345 X509_ALGOR *xalg=NULL;
346 PKCS7_RECIP_INFO *ri=NULL; 425 PKCS7_RECIP_INFO *ri=NULL;
347 426
348 i=OBJ_obj2nid(p7->type); 427 i=OBJ_obj2nid(p7->type);
349 p7->state=PKCS7_S_HEADER; 428 p7->state=PKCS7_S_HEADER;
350 429
351 switch (i) 430 switch (i)
352 { 431 {
353 case NID_pkcs7_signed: 432 case NID_pkcs7_signed:
354 data_body=PKCS7_get_octet_string(p7->d.sign->contents); 433 data_body=PKCS7_get_octet_string(p7->d.sign->contents);
355 md_sk=p7->d.sign->md_algs; 434 md_sk=p7->d.sign->md_algs;
356 break; 435 break;
357 case NID_pkcs7_signedAndEnveloped: 436 case NID_pkcs7_signedAndEnveloped:
358 rsk=p7->d.signed_and_enveloped->recipientinfo; 437 rsk=p7->d.signed_and_enveloped->recipientinfo;
359 md_sk=p7->d.signed_and_enveloped->md_algs; 438 md_sk=p7->d.signed_and_enveloped->md_algs;
360 data_body=p7->d.signed_and_enveloped->enc_data->enc_data; 439 data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
361 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; 440 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
362 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 441 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
363 if (evp_cipher == NULL) 442 if (evp_cipher == NULL)
364 { 443 {
365 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CI PHER_TYPE); 444 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CI PHER_TYPE);
366 goto err; 445 goto err;
367 } 446 }
368 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
369 break; 447 break;
370 case NID_pkcs7_enveloped: 448 case NID_pkcs7_enveloped:
371 rsk=p7->d.enveloped->recipientinfo; 449 rsk=p7->d.enveloped->recipientinfo;
372 enc_alg=p7->d.enveloped->enc_data->algorithm; 450 enc_alg=p7->d.enveloped->enc_data->algorithm;
373 data_body=p7->d.enveloped->enc_data->enc_data; 451 data_body=p7->d.enveloped->enc_data->enc_data;
374 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm); 452 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
375 if (evp_cipher == NULL) 453 if (evp_cipher == NULL)
376 { 454 {
377 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CI PHER_TYPE); 455 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CI PHER_TYPE);
378 goto err; 456 goto err;
379 } 457 }
380 xalg=p7->d.enveloped->enc_data->algorithm;
381 break; 458 break;
382 default: 459 default:
383 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TY PE); 460 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TY PE);
384 goto err; 461 goto err;
385 } 462 }
386 463
387 /* We will be checking the signature */ 464 /* We will be checking the signature */
388 if (md_sk != NULL) 465 if (md_sk != NULL)
389 { 466 {
390 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) 467 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
(...skipping 25 matching lines...) Expand all
416 if (evp_cipher != NULL) 493 if (evp_cipher != NULL)
417 { 494 {
418 #if 0 495 #if 0
419 unsigned char key[EVP_MAX_KEY_LENGTH]; 496 unsigned char key[EVP_MAX_KEY_LENGTH];
420 unsigned char iv[EVP_MAX_IV_LENGTH]; 497 unsigned char iv[EVP_MAX_IV_LENGTH];
421 unsigned char *p; 498 unsigned char *p;
422 int keylen,ivlen; 499 int keylen,ivlen;
423 int max; 500 int max;
424 X509_OBJECT ret; 501 X509_OBJECT ret;
425 #endif 502 #endif
426 » » int jj; 503 » » unsigned char *ek = NULL;
504 » » int eklen;
427 505
428 if ((etmp=BIO_new(BIO_f_cipher())) == NULL) 506 if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
429 { 507 {
430 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); 508 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
431 goto err; 509 goto err;
432 } 510 }
433 511
434 /* It was encrypted, we need to decrypt the secret key 512 /* It was encrypted, we need to decrypt the secret key
435 * with the private key */ 513 * with the private key */
436 514
437 /* Find the recipientInfo which matches the passed certificate 515 /* Find the recipientInfo which matches the passed certificate
438 * (if any) 516 * (if any)
439 */ 517 */
440 518
441 » » if (pcert) { 519 » » if (pcert)
442 » » » for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { 520 » » » {
521 » » » for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
522 » » » » {
443 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 523 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
444 if (!pkcs7_cmp_ri(ri, pcert)) 524 if (!pkcs7_cmp_ri(ri, pcert))
445 break; 525 break;
446 ri=NULL; 526 ri=NULL;
447 » » » } 527 » » » » }
448 » » » if (ri == NULL) { 528 » » » if (ri == NULL)
529 » » » » {
449 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 530 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
450 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); 531 PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
451 goto err; 532 goto err;
452 » » » } 533 » » » » }
453 » » }
454
455 » » jj=EVP_PKEY_size(pkey);
456 » » tmp=(unsigned char *)OPENSSL_malloc(jj+10);
457 » » if (tmp == NULL)
458 » » » {
459 » » » PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
460 » » » goto err;
461 } 534 }
462 535
463 /* If we haven't got a certificate try each ri in turn */ 536 /* If we haven't got a certificate try each ri in turn */
464 537
465 if (pcert == NULL) 538 if (pcert == NULL)
466 { 539 {
467 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) 540 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
468 { 541 {
469 ri=sk_PKCS7_RECIP_INFO_value(rsk,i); 542 ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
470 » » » » jj=EVP_PKEY_decrypt(tmp, 543 » » » » if (pkcs7_decrypt_rinfo(&ek, &eklen,
471 » » » » » M_ASN1_STRING_data(ri->enc_key), 544 » » » » » » » ri, pkey) > 0)
472 » » » » » M_ASN1_STRING_length(ri->enc_key),
473 » » » » » » pkey);
474 » » » » if (jj > 0)
475 break; 545 break;
476 ERR_clear_error(); 546 ERR_clear_error();
477 ri = NULL; 547 ri = NULL;
478 } 548 }
479 if (ri == NULL) 549 if (ri == NULL)
480 { 550 {
481 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 551 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
482 PKCS7_R_NO_RECIPIENT_MATCHES_KEY); 552 PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
483 goto err; 553 goto err;
484 } 554 }
485 } 555 }
486 else 556 else
487 { 557 {
488 » » » jj=EVP_PKEY_decrypt(tmp, 558 » » » if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0)
489 » » » » M_ASN1_STRING_data(ri->enc_key),
490 » » » » M_ASN1_STRING_length(ri->enc_key), pkey);
491 » » » if (jj <= 0)
492 » » » » {
493 » » » » PKCS7err(PKCS7_F_PKCS7_DATADECODE,
494 » » » » » » » » ERR_R_EVP_LIB);
495 goto err; 559 goto err;
496 }
497 } 560 }
498 561
499 evp_ctx=NULL; 562 evp_ctx=NULL;
500 BIO_get_cipher_ctx(etmp,&evp_ctx); 563 BIO_get_cipher_ctx(etmp,&evp_ctx);
501 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0) 564 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
502 goto err; 565 goto err;
503 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) 566 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
504 goto err; 567 goto err;
505 568
506 » » if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { 569 » » if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
507 /* Some S/MIME clients don't use the same key 570 /* Some S/MIME clients don't use the same key
508 * and effective key length. The key length is 571 * and effective key length. The key length is
509 * determined by the size of the decrypted RSA key. 572 * determined by the size of the decrypted RSA key.
510 */ 573 */
511 » » » if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) 574 » » » if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
512 { 575 {
513 PKCS7err(PKCS7_F_PKCS7_DATADECODE, 576 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
514 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); 577 PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
515 goto err; 578 goto err;
516 } 579 }
517 } 580 }
518 » » if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0) 581 » » if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
519 goto err; 582 goto err;
520 583
521 » » OPENSSL_cleanse(tmp,jj); 584 » » if (ek)
585 » » » {
586 » » » OPENSSL_cleanse(ek,eklen);
587 » » » OPENSSL_free(ek);
588 » » » }
522 589
523 if (out == NULL) 590 if (out == NULL)
524 out=etmp; 591 out=etmp;
525 else 592 else
526 BIO_push(out,etmp); 593 BIO_push(out,etmp);
527 etmp=NULL; 594 etmp=NULL;
528 } 595 }
529 596
530 #if 1 597 #if 1
531 if (PKCS7_is_detached(p7) || (in_bio != NULL)) 598 if (PKCS7_is_detached(p7) || (in_bio != NULL))
(...skipping 27 matching lines...) Expand all
559 #endif 626 #endif
560 if (0) 627 if (0)
561 { 628 {
562 err: 629 err:
563 if (out != NULL) BIO_free_all(out); 630 if (out != NULL) BIO_free_all(out);
564 if (btmp != NULL) BIO_free_all(btmp); 631 if (btmp != NULL) BIO_free_all(btmp);
565 if (etmp != NULL) BIO_free_all(etmp); 632 if (etmp != NULL) BIO_free_all(etmp);
566 if (bio != NULL) BIO_free_all(bio); 633 if (bio != NULL) BIO_free_all(bio);
567 out=NULL; 634 out=NULL;
568 } 635 }
569 if (tmp != NULL)
570 OPENSSL_free(tmp);
571 return(out); 636 return(out);
572 } 637 }
573 638
574 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid) 639 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
575 { 640 {
576 for (;;) 641 for (;;)
577 { 642 {
578 bio=BIO_find_type(bio,BIO_TYPE_MD); 643 bio=BIO_find_type(bio,BIO_TYPE_MD);
579 if (bio == NULL) 644 if (bio == NULL)
580 { 645 {
581 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIN D_MESSAGE_DIGEST); 646 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIN D_MESSAGE_DIGEST);
582 return NULL; 647 return NULL;
583 } 648 }
584 BIO_get_md_ctx(bio,pmd); 649 BIO_get_md_ctx(bio,pmd);
585 if (*pmd == NULL) 650 if (*pmd == NULL)
586 { 651 {
587 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR) ; 652 PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR) ;
588 return NULL; 653 return NULL;
589 } 654 }
590 if (EVP_MD_CTX_type(*pmd) == nid) 655 if (EVP_MD_CTX_type(*pmd) == nid)
591 return bio; 656 return bio;
592 bio=BIO_next(bio); 657 bio=BIO_next(bio);
593 } 658 }
594 return NULL; 659 return NULL;
595 } 660 }
596 661
662 static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
663 {
664 unsigned char md_data[EVP_MAX_MD_SIZE];
665 unsigned int md_len;
666
667 /* Add signing time if not already present */
668 if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime))
669 {
670 if (!PKCS7_add0_attrib_signing_time(si, NULL))
671 {
672 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,
673 ERR_R_MALLOC_FAILURE);
674 return 0;
675 }
676 }
677
678 /* Add digest */
679 EVP_DigestFinal_ex(mctx, md_data,&md_len);
680 if (!PKCS7_add1_attrib_digest(si, md_data, md_len))
681 {
682 PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
683 return 0;
684 }
685
686 /* Now sign the attributes */
687 if (!PKCS7_SIGNER_INFO_sign(si))
688 return 0;
689
690 return 1;
691 }
692
693
597 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) 694 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
598 { 695 {
599 int ret=0; 696 int ret=0;
600 int i,j; 697 int i,j;
601 BIO *btmp; 698 BIO *btmp;
602 BUF_MEM *buf_mem=NULL;
603 BUF_MEM *buf=NULL;
604 PKCS7_SIGNER_INFO *si; 699 PKCS7_SIGNER_INFO *si;
605 EVP_MD_CTX *mdc,ctx_tmp; 700 EVP_MD_CTX *mdc,ctx_tmp;
606 STACK_OF(X509_ATTRIBUTE) *sk; 701 STACK_OF(X509_ATTRIBUTE) *sk;
607 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; 702 STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
608 ASN1_OCTET_STRING *os=NULL; 703 ASN1_OCTET_STRING *os=NULL;
609 704
610 EVP_MD_CTX_init(&ctx_tmp); 705 EVP_MD_CTX_init(&ctx_tmp);
611 i=OBJ_obj2nid(p7->type); 706 i=OBJ_obj2nid(p7->type);
612 p7->state=PKCS7_S_HEADER; 707 p7->state=PKCS7_S_HEADER;
613 708
614 switch (i) 709 switch (i)
615 { 710 {
711 case NID_pkcs7_data:
712 os = p7->d.data;
713 break;
616 case NID_pkcs7_signedAndEnveloped: 714 case NID_pkcs7_signedAndEnveloped:
617 /* XXXXXXXXXXXXXXXX */ 715 /* XXXXXXXXXXXXXXXX */
618 si_sk=p7->d.signed_and_enveloped->signer_info; 716 si_sk=p7->d.signed_and_enveloped->signer_info;
619 » » if (!(os=M_ASN1_OCTET_STRING_new())) 717 » » os = p7->d.signed_and_enveloped->enc_data->enc_data;
718 » » if (!os)
620 { 719 {
621 » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 720 » » » os=M_ASN1_OCTET_STRING_new();
622 » » » goto err; 721 » » » if (!os)
722 » » » » {
723 » » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FA ILURE);
724 » » » » goto err;
725 » » » » }
726 » » » p7->d.signed_and_enveloped->enc_data->enc_data=os;
623 } 727 }
624 p7->d.signed_and_enveloped->enc_data->enc_data=os;
625 break; 728 break;
626 case NID_pkcs7_enveloped: 729 case NID_pkcs7_enveloped:
627 /* XXXXXXXXXXXXXXXX */ 730 /* XXXXXXXXXXXXXXXX */
628 » » if (!(os=M_ASN1_OCTET_STRING_new())) 731 » » os = p7->d.enveloped->enc_data->enc_data;
732 » » if (!os)
629 { 733 {
630 » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE); 734 » » » os=M_ASN1_OCTET_STRING_new();
631 » » » goto err; 735 » » » if (!os)
736 » » » » {
737 » » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FA ILURE);
738 » » » » goto err;
739 » » » » }
740 » » » p7->d.enveloped->enc_data->enc_data=os;
632 } 741 }
633 p7->d.enveloped->enc_data->enc_data=os;
634 break; 742 break;
635 case NID_pkcs7_signed: 743 case NID_pkcs7_signed:
636 si_sk=p7->d.sign->signer_info; 744 si_sk=p7->d.sign->signer_info;
637 os=PKCS7_get_octet_string(p7->d.sign->contents); 745 os=PKCS7_get_octet_string(p7->d.sign->contents);
638 /* If detached data then the content is excluded */ 746 /* If detached data then the content is excluded */
639 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { 747 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
640 M_ASN1_OCTET_STRING_free(os); 748 M_ASN1_OCTET_STRING_free(os);
641 p7->d.sign->contents->d.data = NULL; 749 p7->d.sign->contents->d.data = NULL;
642 } 750 }
643 break; 751 break;
644 752
645 case NID_pkcs7_digest: 753 case NID_pkcs7_digest:
646 os=PKCS7_get_octet_string(p7->d.digest->contents); 754 os=PKCS7_get_octet_string(p7->d.digest->contents);
647 /* If detached data then the content is excluded */ 755 /* If detached data then the content is excluded */
648 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) 756 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
649 { 757 {
650 M_ASN1_OCTET_STRING_free(os); 758 M_ASN1_OCTET_STRING_free(os);
651 p7->d.digest->contents->d.data = NULL; 759 p7->d.digest->contents->d.data = NULL;
652 } 760 }
653 break; 761 break;
654 762
763 default:
764 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNSUPPORTED_CONTENT_TYP E);
765 goto err;
655 } 766 }
656 767
657 if (si_sk != NULL) 768 if (si_sk != NULL)
658 { 769 {
659 if ((buf=BUF_MEM_new()) == NULL)
660 {
661 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
662 goto err;
663 }
664 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) 770 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
665 { 771 {
666 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i); 772 si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
667 » » » if (si->pkey == NULL) continue; 773 » » » if (si->pkey == NULL)
774 » » » » continue;
668 775
669 » » » j=OBJ_obj2nid(si->digest_alg->algorithm); 776 » » » j = OBJ_obj2nid(si->digest_alg->algorithm);
670 777
671 btmp=bio; 778 btmp=bio;
672 779
673 btmp = PKCS7_find_digest(&mdc, btmp, j); 780 btmp = PKCS7_find_digest(&mdc, btmp, j);
674 781
675 if (btmp == NULL) 782 if (btmp == NULL)
676 goto err; 783 goto err;
677 784
678 /* We now have the EVP_MD_CTX, lets do the 785 /* We now have the EVP_MD_CTX, lets do the
679 * signing. */ 786 * signing. */
680 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); 787 EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
681 if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
682 {
683 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
684 goto err;
685 }
686 788
687 sk=si->auth_attr; 789 sk=si->auth_attr;
688 790
689 /* If there are attributes, we add the digest 791 /* If there are attributes, we add the digest
690 * attribute and only sign the attributes */ 792 * attribute and only sign the attributes */
691 » » » if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) 793 » » » if (sk_X509_ATTRIBUTE_num(sk) > 0)
692 { 794 {
693 » » » » unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NU LL; 795 » » » » if (!do_pkcs7_signed_attrib(si, &ctx_tmp))
694 » » » » unsigned int md_len, alen; 796 » » » » » goto err;
695 » » » » ASN1_OCTET_STRING *digest; 797 » » » » }
696 » » » » ASN1_UTCTIME *sign_time; 798 » » » else
697 » » » » const EVP_MD *md_tmp; 799 » » » » {
800 » » » » unsigned char *abuf = NULL;
801 » » » » unsigned int abuflen;
802 » » » » abuflen = EVP_PKEY_size(si->pkey);
803 » » » » abuf = OPENSSL_malloc(abuflen);
804 » » » » if (!abuf)
805 » » » » » goto err;
698 806
699 » » » » /* Add signing time if not already present */ 807 » » » » if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,
700 » » » » if (!PKCS7_get_signed_attribute(si, 808 » » » » » » » si->pkey))
701 » » » » » » » NID_pkcs9_signingTime))
702 » » » » » {
703 » » » » » if (!(sign_time=X509_gmtime_adj(NULL,0)) )
704 » » » » » » {
705 » » » » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL ,
706 » » » » » » » ERR_R_MALLOC_FAILURE);
707 » » » » » » goto err;
708 » » » » » » }
709 » » » » » if (!PKCS7_add_signed_attribute(si,
710 » » » » » » NID_pkcs9_signingTime,
711 » » » » » » V_ASN1_UTCTIME,sign_time))
712 » » » » » » {
713 » » » » » » M_ASN1_UTCTIME_free(sign_time);
714 » » » » » » goto err;
715 » » » » » » }
716 » » » » » }
717
718 » » » » /* Add digest */
719 » » » » md_tmp=EVP_MD_CTX_md(&ctx_tmp);
720 » » » » EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
721 » » » » if (!(digest=M_ASN1_OCTET_STRING_new()))
722 { 809 {
723 PKCS7err(PKCS7_F_PKCS7_DATAFINAL, 810 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
724 » » » » » » ERR_R_MALLOC_FAILURE); 811 » » » » » » » ERR_R_EVP_LIB);
725 goto err; 812 goto err;
726 } 813 }
727 » » » » if (!M_ASN1_OCTET_STRING_set(digest,md_data, 814 » » » » ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
728 » » » » » » » » md_len))
729 » » » » » {
730 » » » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
731 » » » » » » ERR_R_MALLOC_FAILURE);
732 » » » » » M_ASN1_OCTET_STRING_free(digest);
733 » » » » » goto err;
734 » » » » » }
735 » » » » if (!PKCS7_add_signed_attribute(si,
736 » » » » » NID_pkcs9_messageDigest,
737 » » » » » V_ASN1_OCTET_STRING,digest))
738 » » » » » {
739 » » » » » M_ASN1_OCTET_STRING_free(digest);
740 » » » » » goto err;
741 » » » » » }
742
743 » » » » /* Now sign the attributes */
744 » » » » EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
745 » » » » alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
746 » » » » » » » ASN1_ITEM_rptr(PKCS7_ATT R_SIGN));
747 » » » » if(!abuf) goto err;
748 » » » » EVP_SignUpdate(&ctx_tmp,abuf,alen);
749 » » » » OPENSSL_free(abuf);
750 » » » » }
751
752 #ifndef OPENSSL_NO_DSA
753 » » » if (si->pkey->type == EVP_PKEY_DSA)
754 » » » » ctx_tmp.digest=EVP_dss1();
755 #endif
756 #ifndef OPENSSL_NO_ECDSA
757 » » » if (si->pkey->type == EVP_PKEY_EC)
758 » » » » ctx_tmp.digest=EVP_ecdsa();
759 #endif
760
761 » » » if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
762 » » » » (unsigned int *)&buf->length,si->pkey))
763 » » » » {
764 » » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
765 » » » » goto err;
766 » » » » }
767 » » » if (!ASN1_STRING_set(si->enc_digest,
768 » » » » (unsigned char *)buf->data,buf->length))
769 » » » » {
770 » » » » PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB) ;
771 » » » » goto err;
772 } 815 }
773 } 816 }
774 } 817 }
775 else if (i == NID_pkcs7_digest) 818 else if (i == NID_pkcs7_digest)
776 { 819 {
777 unsigned char md_data[EVP_MAX_MD_SIZE]; 820 unsigned char md_data[EVP_MAX_MD_SIZE];
778 unsigned int md_len; 821 unsigned int md_len;
779 if (!PKCS7_find_digest(&mdc, bio, 822 if (!PKCS7_find_digest(&mdc, bio,
780 OBJ_obj2nid(p7->d.digest->md->algorithm))) 823 OBJ_obj2nid(p7->d.digest->md->algorithm)))
781 goto err; 824 goto err;
782 EVP_DigestFinal_ex(mdc,md_data,&md_len); 825 EVP_DigestFinal_ex(mdc,md_data,&md_len);
783 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len); 826 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
784 } 827 }
785 828
786 » if (!PKCS7_is_detached(p7)) 829 » if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
787 { 830 {
831 char *cont;
832 long contlen;
788 btmp=BIO_find_type(bio,BIO_TYPE_MEM); 833 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
789 if (btmp == NULL) 834 if (btmp == NULL)
790 { 835 {
791 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_ MEM_BIO); 836 PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_ MEM_BIO);
792 goto err; 837 goto err;
793 } 838 }
794 » » BIO_get_mem_ptr(btmp,&buf_mem); 839 » » contlen = BIO_get_mem_data(btmp, &cont);
795 /* Mark the BIO read only then we can use its copy of the data 840 /* Mark the BIO read only then we can use its copy of the data
796 * instead of making an extra copy. 841 * instead of making an extra copy.
797 */ 842 */
798 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); 843 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
799 BIO_set_mem_eof_return(btmp, 0); 844 BIO_set_mem_eof_return(btmp, 0);
800 » » os->data = (unsigned char *)buf_mem->data; 845 » » ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
801 » » os->length = buf_mem->length;
802 #if 0
803 » » M_ASN1_OCTET_STRING_set(os,
804 » » » (unsigned char *)buf_mem->data,buf_mem->length);
805 #endif
806 } 846 }
807 ret=1; 847 ret=1;
808 err: 848 err:
809 EVP_MD_CTX_cleanup(&ctx_tmp); 849 EVP_MD_CTX_cleanup(&ctx_tmp);
810 if (buf != NULL) BUF_MEM_free(buf);
811 return(ret); 850 return(ret);
812 } 851 }
813 852
853 int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
854 {
855 EVP_MD_CTX mctx;
856 EVP_PKEY_CTX *pctx;
857 unsigned char *abuf = NULL;
858 int alen;
859 size_t siglen;
860 const EVP_MD *md = NULL;
861
862 md = EVP_get_digestbyobj(si->digest_alg->algorithm);
863 if (md == NULL)
864 return 0;
865
866 EVP_MD_CTX_init(&mctx);
867 if (EVP_DigestSignInit(&mctx, &pctx, md,NULL, si->pkey) <= 0)
868 goto err;
869
870 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
871 EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0)
872 {
873 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
874 goto err;
875 }
876
877 alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf,
878 ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
879 if(!abuf)
880 goto err;
881 if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
882 goto err;
883 OPENSSL_free(abuf);
884 if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
885 goto err;
886 abuf = OPENSSL_malloc(siglen);
887 if(!abuf)
888 goto err;
889 if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
890 goto err;
891
892 if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
893 EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0)
894 {
895 PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
896 goto err;
897 }
898
899 EVP_MD_CTX_cleanup(&mctx);
900
901 ASN1_STRING_set0(si->enc_digest, abuf, siglen);
902
903 return 1;
904
905 err:
906 if (abuf)
907 OPENSSL_free(abuf);
908 EVP_MD_CTX_cleanup(&mctx);
909 return 0;
910
911 }
912
814 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, 913 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
815 PKCS7 *p7, PKCS7_SIGNER_INFO *si) 914 PKCS7 *p7, PKCS7_SIGNER_INFO *si)
816 { 915 {
817 PKCS7_ISSUER_AND_SERIAL *ias; 916 PKCS7_ISSUER_AND_SERIAL *ias;
818 int ret=0,i; 917 int ret=0,i;
819 STACK_OF(X509) *cert; 918 STACK_OF(X509) *cert;
820 X509 *x509; 919 X509 *x509;
821 920
822 if (PKCS7_type_is_signed(p7)) 921 if (PKCS7_type_is_signed(p7))
823 { 922 {
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after
915 } 1014 }
916 1015
917 /* mdc is the digest ctx that we want, unless there are attributes, 1016 /* mdc is the digest ctx that we want, unless there are attributes,
918 * in which case the digest is the signed attributes */ 1017 * in which case the digest is the signed attributes */
919 EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); 1018 EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
920 1019
921 sk=si->auth_attr; 1020 sk=si->auth_attr;
922 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) 1021 if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
923 { 1022 {
924 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; 1023 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
925 unsigned int md_len, alen; 1024 unsigned int md_len;
1025 » » int alen;
926 ASN1_OCTET_STRING *message_digest; 1026 ASN1_OCTET_STRING *message_digest;
927 1027
928 EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); 1028 EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
929 message_digest=PKCS7_digest_from_attributes(sk); 1029 message_digest=PKCS7_digest_from_attributes(sk);
930 if (!message_digest) 1030 if (!message_digest)
931 { 1031 {
932 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1032 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
933 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); 1033 PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
934 goto err; 1034 goto err;
935 } 1035 }
(...skipping 11 matching lines...) Expand all
947 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1047 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
948 PKCS7_R_DIGEST_FAILURE); 1048 PKCS7_R_DIGEST_FAILURE);
949 ret= -1; 1049 ret= -1;
950 goto err; 1050 goto err;
951 } 1051 }
952 1052
953 EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL); 1053 EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
954 1054
955 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, 1055 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
956 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY )); 1056 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY ));
1057 if (alen <= 0)
1058 {
1059 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,ERR_R_ASN1_LIB);
1060 ret = -1;
1061 goto err;
1062 }
957 EVP_VerifyUpdate(&mdc_tmp, abuf, alen); 1063 EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
958 1064
959 OPENSSL_free(abuf); 1065 OPENSSL_free(abuf);
960 } 1066 }
961 1067
962 os=si->enc_digest; 1068 os=si->enc_digest;
963 pkey = X509_get_pubkey(x509); 1069 pkey = X509_get_pubkey(x509);
964 if (!pkey) 1070 if (!pkey)
965 { 1071 {
966 ret = -1; 1072 ret = -1;
967 goto err; 1073 goto err;
968 } 1074 }
969 #ifndef OPENSSL_NO_DSA
970 if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
971 #endif
972 #ifndef OPENSSL_NO_ECDSA
973 if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
974 #endif
975 1075
976 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); 1076 i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
977 EVP_PKEY_free(pkey); 1077 EVP_PKEY_free(pkey);
978 if (i <= 0) 1078 if (i <= 0)
979 { 1079 {
980 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, 1080 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
981 PKCS7_R_SIGNATURE_FAILURE); 1081 PKCS7_R_SIGNATURE_FAILURE);
982 ret= -1; 1082 ret= -1;
983 goto err; 1083 goto err;
984 } 1084 }
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
1100 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); 1200 return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
1101 } 1201 }
1102 1202
1103 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, 1203 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
1104 void *value) 1204 void *value)
1105 { 1205 {
1106 X509_ATTRIBUTE *attr=NULL; 1206 X509_ATTRIBUTE *attr=NULL;
1107 1207
1108 if (*sk == NULL) 1208 if (*sk == NULL)
1109 { 1209 {
1110 » » if (!(*sk = sk_X509_ATTRIBUTE_new_null())) 1210 » » *sk = sk_X509_ATTRIBUTE_new_null();
1111 » » » return 0; 1211 » » if (*sk == NULL)
1212 » » » return 0;»
1112 new_attrib: 1213 new_attrib:
1113 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value))) 1214 if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
1114 return 0; 1215 return 0;
1115 if (!sk_X509_ATTRIBUTE_push(*sk,attr)) 1216 if (!sk_X509_ATTRIBUTE_push(*sk,attr))
1116 { 1217 {
1117 X509_ATTRIBUTE_free(attr); 1218 X509_ATTRIBUTE_free(attr);
1118 return 0; 1219 return 0;
1119 } 1220 }
1120 } 1221 }
1121 else 1222 else
(...skipping 16 matching lines...) Expand all
1138 } 1239 }
1139 goto end; 1240 goto end;
1140 } 1241 }
1141 } 1242 }
1142 goto new_attrib; 1243 goto new_attrib;
1143 } 1244 }
1144 end: 1245 end:
1145 return(1); 1246 return(1);
1146 } 1247 }
1147 1248
OLDNEW
« no previous file with comments | « openssl/crypto/pkcs7/pk7_attr.c ('k') | openssl/crypto/pkcs7/pk7_lib.c » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698