Always init ctx_tmp in PKCS7_dataFinal since it is always cleaned up.
[openssl.git] / crypto / pkcs7 / pk7_doit.c
1 /* crypto/pkcs7/pk7_doit.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include "cryptlib.h"
61 #include <openssl/rand.h>
62 #include <openssl/objects.h>
63 #include <openssl/x509.h>
64 #include <openssl/x509v3.h>
65
66 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
67                          void *value);
68 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
69
70 static int PKCS7_type_is_other(PKCS7* p7)
71         {
72         int isOther=1;
73         
74         int nid=OBJ_obj2nid(p7->type);
75
76         switch( nid )
77                 {
78         case NID_pkcs7_data:
79         case NID_pkcs7_signed:
80         case NID_pkcs7_enveloped:
81         case NID_pkcs7_signedAndEnveloped:
82         case NID_pkcs7_digest:
83         case NID_pkcs7_encrypted:
84                 isOther=0;
85                 break;
86         default:
87                 isOther=1;
88                 }
89
90         return isOther;
91
92         }
93
94 static int PKCS7_type_is_octet_string(PKCS7* p7)
95         {
96         if ( 0==PKCS7_type_is_other(p7) )
97                 return 0;
98
99         return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
100         }
101
102 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
103         {
104         int i,j;
105         BIO *out=NULL,*btmp=NULL;
106         X509_ALGOR *xa;
107         const EVP_MD *evp_md;
108         const EVP_CIPHER *evp_cipher=NULL;
109         STACK_OF(X509_ALGOR) *md_sk=NULL;
110         STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
111         X509_ALGOR *xalg=NULL;
112         PKCS7_RECIP_INFO *ri=NULL;
113         EVP_PKEY *pkey;
114
115         i=OBJ_obj2nid(p7->type);
116         p7->state=PKCS7_S_HEADER;
117
118         switch (i)
119                 {
120         case NID_pkcs7_signed:
121                 md_sk=p7->d.sign->md_algs;
122                 break;
123         case NID_pkcs7_signedAndEnveloped:
124                 rsk=p7->d.signed_and_enveloped->recipientinfo;
125                 md_sk=p7->d.signed_and_enveloped->md_algs;
126                 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
127                 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
128                 if (evp_cipher == NULL)
129                         {
130                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,
131                                                 PKCS7_R_CIPHER_NOT_INITIALIZED);
132                         goto err;
133                         }
134                 break;
135         case NID_pkcs7_enveloped:
136                 rsk=p7->d.enveloped->recipientinfo;
137                 xalg=p7->d.enveloped->enc_data->algorithm;
138                 evp_cipher=p7->d.enveloped->enc_data->cipher;
139                 if (evp_cipher == NULL)
140                         {
141                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,
142                                                 PKCS7_R_CIPHER_NOT_INITIALIZED);
143                         goto err;
144                         }
145                 break;
146         default:
147                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
148                 goto err;
149                 }
150
151         if (md_sk != NULL)
152                 {
153                 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
154                         {
155                         xa=sk_X509_ALGOR_value(md_sk,i);
156                         if ((btmp=BIO_new(BIO_f_md())) == NULL)
157                                 {
158                                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
159                                 goto err;
160                                 }
161
162                         j=OBJ_obj2nid(xa->algorithm);
163                         evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
164                         if (evp_md == NULL)
165                                 {
166                                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNKNOWN_DIGEST_TYPE);
167                                 goto err;
168                                 }
169
170                         BIO_set_md(btmp,evp_md);
171                         if (out == NULL)
172                                 out=btmp;
173                         else
174                                 BIO_push(out,btmp);
175                         btmp=NULL;
176                         }
177                 }
178
179         if (evp_cipher != NULL)
180                 {
181                 unsigned char key[EVP_MAX_KEY_LENGTH];
182                 unsigned char iv[EVP_MAX_IV_LENGTH];
183                 int keylen,ivlen;
184                 int jj,max;
185                 unsigned char *tmp;
186                 EVP_CIPHER_CTX *ctx;
187
188                 if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
189                         {
190                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
191                         goto err;
192                         }
193                 BIO_get_cipher_ctx(btmp, &ctx);
194                 keylen=EVP_CIPHER_key_length(evp_cipher);
195                 ivlen=EVP_CIPHER_iv_length(evp_cipher);
196                 if (RAND_bytes(key,keylen) <= 0)
197                         goto err;
198                 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
199                 if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
200                 EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1);
201
202                 if (ivlen > 0) {
203                         if (xalg->parameter == NULL) 
204                                                 xalg->parameter=ASN1_TYPE_new();
205                         if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
206                                                                        goto err;
207                 }
208
209                 /* Lets do the pub key stuff :-) */
210                 max=0;
211                 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
212                         {
213                         ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
214                         if (ri->cert == NULL)
215                                 {
216                                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
217                                 goto err;
218                                 }
219                         pkey=X509_get_pubkey(ri->cert);
220                         jj=EVP_PKEY_size(pkey);
221                         EVP_PKEY_free(pkey);
222                         if (max < jj) max=jj;
223                         }
224                 if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
225                         {
226                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
227                         goto err;
228                         }
229                 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
230                         {
231                         ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
232                         pkey=X509_get_pubkey(ri->cert);
233                         jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
234                         EVP_PKEY_free(pkey);
235                         if (jj <= 0)
236                                 {
237                                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
238                                 OPENSSL_free(tmp);
239                                 goto err;
240                                 }
241                         M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
242                         }
243                 OPENSSL_free(tmp);
244                 memset(key, 0, keylen);
245
246                 if (out == NULL)
247                         out=btmp;
248                 else
249                         BIO_push(out,btmp);
250                 btmp=NULL;
251                 }
252
253         if (bio == NULL) {
254                 if (PKCS7_is_detached(p7))
255                         bio=BIO_new(BIO_s_null());
256                 else {
257                         if (PKCS7_type_is_signed(p7) ) { 
258                                 if ( PKCS7_type_is_data(p7->d.sign->contents)) {
259                                         ASN1_OCTET_STRING *os;
260                                         os=p7->d.sign->contents->d.data;
261                                         if (os->length > 0)
262                                                 bio = BIO_new_mem_buf(os->data, os->length);
263                                 }
264                                 else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
265                                         ASN1_OCTET_STRING *os;
266                                         os=p7->d.sign->contents->d.other->value.octet_string;
267                                         if (os->length > 0)
268                                                 bio = BIO_new_mem_buf(os->data, os->length);
269                                 }
270                         }
271                         if(bio == NULL) {
272                                 bio=BIO_new(BIO_s_mem());
273                                 BIO_set_mem_eof_return(bio,0);
274                         }
275                 }
276         }
277         BIO_push(out,bio);
278         bio=NULL;
279         if (0)
280                 {
281 err:
282                 if (out != NULL)
283                         BIO_free_all(out);
284                 if (btmp != NULL)
285                         BIO_free_all(btmp);
286                 out=NULL;
287                 }
288         return(out);
289         }
290
291 /* int */
292 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
293         {
294         int i,j;
295         BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
296         unsigned char *tmp=NULL;
297         X509_ALGOR *xa;
298         ASN1_OCTET_STRING *data_body=NULL;
299         const EVP_MD *evp_md;
300         const EVP_CIPHER *evp_cipher=NULL;
301         EVP_CIPHER_CTX *evp_ctx=NULL;
302         X509_ALGOR *enc_alg=NULL;
303         STACK_OF(X509_ALGOR) *md_sk=NULL;
304         STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
305         X509_ALGOR *xalg=NULL;
306         PKCS7_RECIP_INFO *ri=NULL;
307
308         i=OBJ_obj2nid(p7->type);
309         p7->state=PKCS7_S_HEADER;
310
311         switch (i)
312                 {
313         case NID_pkcs7_signed:
314                 data_body=p7->d.sign->contents->d.data;
315                 md_sk=p7->d.sign->md_algs;
316                 break;
317         case NID_pkcs7_signedAndEnveloped:
318                 rsk=p7->d.signed_and_enveloped->recipientinfo;
319                 md_sk=p7->d.signed_and_enveloped->md_algs;
320                 data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
321                 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
322                 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
323                 if (evp_cipher == NULL)
324                         {
325                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
326                         goto err;
327                         }
328                 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
329                 break;
330         case NID_pkcs7_enveloped:
331                 rsk=p7->d.enveloped->recipientinfo;
332                 enc_alg=p7->d.enveloped->enc_data->algorithm;
333                 data_body=p7->d.enveloped->enc_data->enc_data;
334                 evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm)));
335                 if (evp_cipher == NULL)
336                         {
337                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
338                         goto err;
339                         }
340                 xalg=p7->d.enveloped->enc_data->algorithm;
341                 break;
342         default:
343                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
344                 goto err;
345                 }
346
347         /* We will be checking the signature */
348         if (md_sk != NULL)
349                 {
350                 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
351                         {
352                         xa=sk_X509_ALGOR_value(md_sk,i);
353                         if ((btmp=BIO_new(BIO_f_md())) == NULL)
354                                 {
355                                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
356                                 goto err;
357                                 }
358
359                         j=OBJ_obj2nid(xa->algorithm);
360                         evp_md=EVP_get_digestbyname(OBJ_nid2sn(j));
361                         if (evp_md == NULL)
362                                 {
363                                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
364                                 goto err;
365                                 }
366
367                         BIO_set_md(btmp,evp_md);
368                         if (out == NULL)
369                                 out=btmp;
370                         else
371                                 BIO_push(out,btmp);
372                         btmp=NULL;
373                         }
374                 }
375
376         if (evp_cipher != NULL)
377                 {
378 #if 0
379                 unsigned char key[EVP_MAX_KEY_LENGTH];
380                 unsigned char iv[EVP_MAX_IV_LENGTH];
381                 unsigned char *p;
382                 int keylen,ivlen;
383                 int max;
384                 X509_OBJECT ret;
385 #endif
386                 int jj;
387
388                 if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
389                         {
390                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
391                         goto err;
392                         }
393
394                 /* It was encrypted, we need to decrypt the secret key
395                  * with the private key */
396
397                 /* Find the recipientInfo which matches the passed certificate
398                  * (if any)
399                  */
400
401                 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
402                         ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
403                         if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
404                                         pcert->cert_info->issuer) &&
405                              !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
406                                         ri->issuer_and_serial->serial)) break;
407                         ri=NULL;
408                 }
409                 if (ri == NULL) {
410                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,
411                                  PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
412                         goto err;
413                 }
414
415                 jj=EVP_PKEY_size(pkey);
416                 tmp=(unsigned char *)OPENSSL_malloc(jj+10);
417                 if (tmp == NULL)
418                         {
419                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
420                         goto err;
421                         }
422
423                 jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
424                         M_ASN1_STRING_length(ri->enc_key), pkey);
425                 if (jj <= 0)
426                         {
427                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
428                         goto err;
429                         }
430
431                 evp_ctx=NULL;
432                 BIO_get_cipher_ctx(etmp,&evp_ctx);
433                 EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0);
434                 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
435                         goto err;
436
437                 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
438                         /* Some S/MIME clients don't use the same key
439                          * and effective key length. The key length is
440                          * determined by the size of the decrypted RSA key.
441                          */
442                         if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
443                                 {
444                                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
445                                         PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
446                                 goto err;
447                                 }
448                 } 
449                 EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0);
450
451                 memset(tmp,0,jj);
452
453                 if (out == NULL)
454                         out=etmp;
455                 else
456                         BIO_push(out,etmp);
457                 etmp=NULL;
458                 }
459
460 #if 1
461         if (PKCS7_is_detached(p7) || (in_bio != NULL))
462                 {
463                 bio=in_bio;
464                 }
465         else 
466                 {
467 #if 0
468                 bio=BIO_new(BIO_s_mem());
469                 /* We need to set this so that when we have read all
470                  * the data, the encrypt BIO, if present, will read
471                  * EOF and encode the last few bytes */
472                 BIO_set_mem_eof_return(bio,0);
473
474                 if (data_body->length > 0)
475                         BIO_write(bio,(char *)data_body->data,data_body->length);
476 #else
477                 if (data_body->length > 0)
478                       bio = BIO_new_mem_buf(data_body->data,data_body->length);
479                 else {
480                         bio=BIO_new(BIO_s_mem());
481                         BIO_set_mem_eof_return(bio,0);
482                 }
483 #endif
484                 }
485         BIO_push(out,bio);
486         bio=NULL;
487 #endif
488         if (0)
489                 {
490 err:
491                 if (out != NULL) BIO_free_all(out);
492                 if (btmp != NULL) BIO_free_all(btmp);
493                 if (etmp != NULL) BIO_free_all(etmp);
494                 if (bio != NULL) BIO_free_all(bio);
495                 out=NULL;
496                 }
497         if (tmp != NULL)
498                 OPENSSL_free(tmp);
499         return(out);
500         }
501
502 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
503         {
504         int ret=0;
505         int i,j;
506         BIO *btmp;
507         BUF_MEM *buf_mem=NULL;
508         BUF_MEM *buf=NULL;
509         PKCS7_SIGNER_INFO *si;
510         EVP_MD_CTX *mdc,ctx_tmp;
511         STACK_OF(X509_ATTRIBUTE) *sk;
512         STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
513         ASN1_OCTET_STRING *os=NULL;
514
515         EVP_MD_CTX_init(&ctx_tmp);
516         i=OBJ_obj2nid(p7->type);
517         p7->state=PKCS7_S_HEADER;
518
519         switch (i)
520                 {
521         case NID_pkcs7_signedAndEnveloped:
522                 /* XXXXXXXXXXXXXXXX */
523                 si_sk=p7->d.signed_and_enveloped->signer_info;
524                 os=M_ASN1_OCTET_STRING_new();
525                 p7->d.signed_and_enveloped->enc_data->enc_data=os;
526                 break;
527         case NID_pkcs7_enveloped:
528                 /* XXXXXXXXXXXXXXXX */
529                 os=M_ASN1_OCTET_STRING_new();
530                 p7->d.enveloped->enc_data->enc_data=os;
531                 break;
532         case NID_pkcs7_signed:
533                 si_sk=p7->d.sign->signer_info;
534                 os=p7->d.sign->contents->d.data;
535                 /* If detached data then the content is excluded */
536                 if(p7->detached) {
537                         M_ASN1_OCTET_STRING_free(os);
538                         p7->d.sign->contents->d.data = NULL;
539                 }
540                 break;
541                 }
542
543         if (si_sk != NULL)
544                 {
545                 if ((buf=BUF_MEM_new()) == NULL)
546                         {
547                         PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
548                         goto err;
549                         }
550                 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
551                         {
552                         si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
553                         if (si->pkey == NULL) continue;
554
555                         j=OBJ_obj2nid(si->digest_alg->algorithm);
556
557                         btmp=bio;
558                         for (;;)
559                                 {
560                                 if ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) 
561                                         == NULL)
562                                         {
563                                         PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
564                                         goto err;
565                                         }
566                                 BIO_get_md_ctx(btmp,&mdc);
567                                 if (mdc == NULL)
568                                         {
569                                         PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
570                                         goto err;
571                                         }
572                                 if (EVP_MD_CTX_type(mdc) == j)
573                                         break;
574                                 else
575                                         btmp=BIO_next(btmp);
576                                 }
577                         
578                         /* We now have the EVP_MD_CTX, lets do the
579                          * signing. */
580                         EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
581                         if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey)))
582                                 {
583                                 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
584                                 goto err;
585                                 }
586
587                         sk=si->auth_attr;
588
589                         /* If there are attributes, we add the digest
590                          * attribute and only sign the attributes */
591                         if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
592                                 {
593                                 unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
594                                 unsigned int md_len, alen;
595                                 ASN1_OCTET_STRING *digest;
596                                 ASN1_UTCTIME *sign_time;
597                                 const EVP_MD *md_tmp;
598
599                                 /* Add signing time if not already present */
600                                 if (!PKCS7_get_signed_attribute(si,
601                                                         NID_pkcs9_signingTime))
602                                         {
603                                         sign_time=X509_gmtime_adj(NULL,0);
604                                         PKCS7_add_signed_attribute(si,
605                                                 NID_pkcs9_signingTime,
606                                                 V_ASN1_UTCTIME,sign_time);
607                                         }
608
609                                 /* Add digest */
610                                 md_tmp=EVP_MD_CTX_md(&ctx_tmp);
611                                 EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
612                                 digest=M_ASN1_OCTET_STRING_new();
613                                 M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
614                                 PKCS7_add_signed_attribute(si,
615                                         NID_pkcs9_messageDigest,
616                                         V_ASN1_OCTET_STRING,digest);
617
618                                 /* Now sign the attributes */
619                                 EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
620                                 alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
621                                                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
622                                 if(!abuf) goto err;
623                                 EVP_SignUpdate(&ctx_tmp,abuf,alen);
624                                 OPENSSL_free(abuf);
625                                 }
626
627 #ifndef OPENSSL_NO_DSA
628                         if (si->pkey->type == EVP_PKEY_DSA)
629                                 ctx_tmp.digest=EVP_dss1();
630 #endif
631 #ifndef OPENSSL_NO_ECDSA
632                         if (si->pkey->type == EVP_PKEY_ECDSA)
633                                 ctx_tmp.digest=EVP_ecdsa();
634 #endif
635
636                         if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
637                                 (unsigned int *)&buf->length,si->pkey))
638                                 {
639                                 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
640                                 goto err;
641                                 }
642                         if (!ASN1_STRING_set(si->enc_digest,
643                                 (unsigned char *)buf->data,buf->length))
644                                 {
645                                 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
646                                 goto err;
647                                 }
648                         }
649                 }
650
651         if (!PKCS7_is_detached(p7))
652                 {
653                 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
654                 if (btmp == NULL)
655                         {
656                         PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
657                         goto err;
658                         }
659                 BIO_get_mem_ptr(btmp,&buf_mem);
660                 /* Mark the BIO read only then we can use its copy of the data
661                  * instead of making an extra copy.
662                  */
663                 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
664                 BIO_set_mem_eof_return(btmp, 0);
665                 os->data = (unsigned char *)buf_mem->data;
666                 os->length = buf_mem->length;
667 #if 0
668                 M_ASN1_OCTET_STRING_set(os,
669                         (unsigned char *)buf_mem->data,buf_mem->length);
670 #endif
671                 }
672         ret=1;
673 err:
674         EVP_MD_CTX_cleanup(&ctx_tmp);
675         if (buf != NULL) BUF_MEM_free(buf);
676         return(ret);
677         }
678
679 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
680              PKCS7 *p7, PKCS7_SIGNER_INFO *si)
681         {
682         PKCS7_ISSUER_AND_SERIAL *ias;
683         int ret=0,i;
684         STACK_OF(X509) *cert;
685         X509 *x509;
686
687         if (PKCS7_type_is_signed(p7))
688                 {
689                 cert=p7->d.sign->cert;
690                 }
691         else if (PKCS7_type_is_signedAndEnveloped(p7))
692                 {
693                 cert=p7->d.signed_and_enveloped->cert;
694                 }
695         else
696                 {
697                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
698                 goto err;
699                 }
700         /* XXXXXXXXXXXXXXXXXXXXXXX */
701         ias=si->issuer_and_serial;
702
703         x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
704
705         /* were we able to find the cert in passed to us */
706         if (x509 == NULL)
707                 {
708                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
709                 goto err;
710                 }
711
712         /* Lets verify */
713         if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
714                 {
715                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
716                 goto err;
717                 }
718         X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
719         i=X509_verify_cert(ctx);
720         if (i <= 0) 
721                 {
722                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
723                 X509_STORE_CTX_cleanup(ctx);
724                 goto err;
725                 }
726         X509_STORE_CTX_cleanup(ctx);
727
728         return PKCS7_signatureVerify(bio, p7, si, x509);
729         err:
730         return ret;
731         }
732
733 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
734                                                                 X509 *x509)
735         {
736         ASN1_OCTET_STRING *os;
737         EVP_MD_CTX mdc_tmp,*mdc;
738         int ret=0,i;
739         int md_type;
740         STACK_OF(X509_ATTRIBUTE) *sk;
741         BIO *btmp;
742         EVP_PKEY *pkey;
743
744         EVP_MD_CTX_init(&mdc_tmp);
745
746         if (!PKCS7_type_is_signed(p7) && 
747                                 !PKCS7_type_is_signedAndEnveloped(p7)) {
748                 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
749                                                 PKCS7_R_WRONG_PKCS7_TYPE);
750                 goto err;
751         }
752
753         md_type=OBJ_obj2nid(si->digest_alg->algorithm);
754
755         btmp=bio;
756         for (;;)
757                 {
758                 if ((btmp == NULL) ||
759                         ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
760                         {
761                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
762                                         PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
763                         goto err;
764                         }
765                 BIO_get_md_ctx(btmp,&mdc);
766                 if (mdc == NULL)
767                         {
768                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
769                                                         ERR_R_INTERNAL_ERROR);
770                         goto err;
771                         }
772                 if (EVP_MD_CTX_type(mdc) == md_type)
773                         break;
774                 btmp=BIO_next(btmp);
775                 }
776
777         /* mdc is the digest ctx that we want, unless there are attributes,
778          * in which case the digest is the signed attributes */
779         EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
780
781         sk=si->auth_attr;
782         if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
783                 {
784                 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
785                 unsigned int md_len, alen;
786                 ASN1_OCTET_STRING *message_digest;
787
788                 EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
789                 message_digest=PKCS7_digest_from_attributes(sk);
790                 if (!message_digest)
791                         {
792                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
793                                         PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
794                         goto err;
795                         }
796                 if ((message_digest->length != (int)md_len) ||
797                         (memcmp(message_digest->data,md_dat,md_len)))
798                         {
799 #if 0
800 {
801 int ii;
802 for (ii=0; ii<message_digest->length; ii++)
803         printf("%02X",message_digest->data[ii]); printf(" sent\n");
804 for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
805 }
806 #endif
807                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
808                                                         PKCS7_R_DIGEST_FAILURE);
809                         ret= -1;
810                         goto err;
811                         }
812
813                 EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
814
815                 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
816                                                 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
817                 EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
818
819                 OPENSSL_free(abuf);
820                 }
821
822         os=si->enc_digest;
823         pkey = X509_get_pubkey(x509);
824         if (!pkey)
825                 {
826                 ret = -1;
827                 goto err;
828                 }
829 #ifndef OPENSSL_NO_DSA
830         if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
831 #endif
832 #ifndef OPENSSL_NO_ECDSA
833         if (pkey->type == EVP_PKEY_ECDSA) mdc_tmp.digest=EVP_ecdsa();
834 #endif
835
836         i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
837         EVP_PKEY_free(pkey);
838         if (i <= 0)
839                 {
840                 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
841                                                 PKCS7_R_SIGNATURE_FAILURE);
842                 ret= -1;
843                 goto err;
844                 }
845         else
846                 ret=1;
847 err:
848         EVP_MD_CTX_cleanup(&mdc_tmp);
849         return(ret);
850         }
851
852 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
853         {
854         STACK_OF(PKCS7_RECIP_INFO) *rsk;
855         PKCS7_RECIP_INFO *ri;
856         int i;
857
858         i=OBJ_obj2nid(p7->type);
859         if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
860         rsk=p7->d.signed_and_enveloped->recipientinfo;
861         ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
862         if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
863         ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
864         return(ri->issuer_and_serial);
865         }
866
867 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
868         {
869         return(get_attribute(si->auth_attr,nid));
870         }
871
872 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
873         {
874         return(get_attribute(si->unauth_attr,nid));
875         }
876
877 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
878         {
879         int i;
880         X509_ATTRIBUTE *xa;
881         ASN1_OBJECT *o;
882
883         o=OBJ_nid2obj(nid);
884         if (!o || !sk) return(NULL);
885         for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
886                 {
887                 xa=sk_X509_ATTRIBUTE_value(sk,i);
888                 if (OBJ_cmp(xa->object,o) == 0)
889                         {
890                         if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
891                                 return(sk_ASN1_TYPE_value(xa->value.set,0));
892                         else
893                                 return(NULL);
894                         }
895                 }
896         return(NULL);
897         }
898
899 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
900 {
901         ASN1_TYPE *astype;
902         if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
903         return astype->value.octet_string;
904 }
905
906 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
907                                 STACK_OF(X509_ATTRIBUTE) *sk)
908         {
909         int i;
910
911         if (p7si->auth_attr != NULL)
912                 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
913         p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
914         for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
915                 {
916                 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
917                         X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
918                     == NULL)
919                         return(0);
920                 }
921         return(1);
922         }
923
924 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
925         {
926         int i;
927
928         if (p7si->unauth_attr != NULL)
929                 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
930                                            X509_ATTRIBUTE_free);
931         p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
932         for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
933                 {
934                 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
935                         X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
936                     == NULL)
937                         return(0);
938                 }
939         return(1);
940         }
941
942 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
943              void *value)
944         {
945         return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
946         }
947
948 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
949              void *value)
950         {
951         return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
952         }
953
954 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
955                          void *value)
956         {
957         X509_ATTRIBUTE *attr=NULL;
958
959         if (*sk == NULL)
960                 {
961                 *sk = sk_X509_ATTRIBUTE_new_null();
962 new_attrib:
963                 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
964                 sk_X509_ATTRIBUTE_push(*sk,attr);
965                 }
966         else
967                 {
968                 int i;
969
970                 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
971                         {
972                         attr=sk_X509_ATTRIBUTE_value(*sk,i);
973                         if (OBJ_obj2nid(attr->object) == nid)
974                                 {
975                                 X509_ATTRIBUTE_free(attr);
976                                 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
977                                 sk_X509_ATTRIBUTE_set(*sk,i,attr);
978                                 goto end;
979                                 }
980                         }
981                 goto new_attrib;
982                 }
983 end:
984         return(1);
985         }
986