Change EVP_MD_CTX_type so it is more logical and add EVP_MD_CTX_md for

[openssl.git] / crypto / pkcs7 / pk7_doit.c

diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index a4cf9b4021df1209064f12571d9a0b7b8dc8884b..80ac5e34b4c5351badb140ce60743a11c96a2b1a 100644 (file)
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -61,6 +61,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                         void *value);
@@ -160,9 +161,10 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                BIO_get_cipher_ctx(btmp, &ctx);
                keylen=EVP_CIPHER_key_length(evp_cipher);
                ivlen=EVP_CIPHER_iv_length(evp_cipher);
-               RAND_bytes(key,keylen);
+               if (RAND_bytes(key,keylen) <= 0)
+                       goto err;
                xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
-               if (ivlen > 0) RAND_bytes(iv,ivlen);
+               if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
                EVP_CipherInit(ctx, evp_cipher, key, iv, 1);
 
                if (ivlen > 0) {
@@ -226,7 +228,8 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                                os=p7->d.sign->contents->d.data;
                                if (os->length > 0) bio = 
                                        BIO_new_mem_buf(os->data, os->length);
-                       } else {
+                       } 
+                       if(bio == NULL) {
                                bio=BIO_new(BIO_s_mem());
                                BIO_set_mem_eof_return(bio,0);
                        }
@@ -251,7 +254,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        {
        int i,j;
        BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
-       char *tmp=NULL;
+       unsigned char *tmp=NULL;
        X509_ALGOR *xa;
        ASN1_OCTET_STRING *data_body=NULL;
        const EVP_MD *evp_md;
@@ -262,6 +265,9 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
        X509_ALGOR *xalg=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
+#ifndef NO_RC2
+       char is_rc2 = 0;
+#endif
 /*     EVP_PKEY *pkey; */
 #if 0
        X509_STORE_CTX s_ctx;
@@ -306,6 +312,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                goto err;
                }
 
+       if(EVP_CIPHER_nid(evp_cipher) == NID_rc2_cbc)
+               {
+#ifndef NO_RC2         
+               is_rc2 = 1; 
+#else
+               PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+               goto err;
+#endif
+               }
+
        /* We will be checking the signature */
        if (md_sk != NULL)
                {
@@ -375,17 +391,15 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                }
 
                jj=EVP_PKEY_size(pkey);
-               tmp=Malloc(jj+10);
+               tmp=(unsigned char *)Malloc(jj+10);
                if (tmp == NULL)
                        {
                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
 
-               jj=EVP_PKEY_decrypt((unsigned char *)tmp,
-                       M_ASN1_STRING_data(ri->enc_key),
-                       M_ASN1_STRING_length(ri->enc_key),
-                       pkey);
+               jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
+                       M_ASN1_STRING_length(ri->enc_key), pkey);
                if (jj <= 0)
                        {
                        PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
@@ -398,13 +412,25 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
                        return(NULL);
 
-               if (jj != EVP_CIPHER_CTX_key_length(evp_ctx))
-                       {
-                       PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+               if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+                       /* HACK: some S/MIME clients don't use the same key
+                        * and effective key length. The key length is
+                        * determined by the size of the decrypted RSA key.
+                        * So we hack things to manually set the RC2 key
+                        * because we currently can't do this with the EVP
+                        * interface.
+                        */
+#ifndef NO_RC2         
+                       if(is_rc2) RC2_set_key(&(evp_ctx->c.rc2_ks),jj, tmp,
+                                       EVP_CIPHER_CTX_key_length(evp_ctx)*8);
+                       else
+#endif
+                               {
+                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
                                        PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
-                       goto err;
-                       }
-               EVP_CipherInit(evp_ctx,NULL,(unsigned char *)tmp,NULL,0);
+                               goto err;
+                               }
+               } else EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
 
                memset(tmp,0,jj);
 
@@ -528,7 +554,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                        PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR);
                                        goto err;
                                        }
-                               if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == j)
+                               if (EVP_MD_CTX_type(mdc) == j)
                                        break;
                                else
                                        btmp=btmp->next_bio;
@@ -562,7 +588,7 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                                        V_ASN1_UTCTIME,sign_time);
 
                                /* Add digest */
-                               md_tmp=EVP_MD_CTX_type(&ctx_tmp);
+                               md_tmp=EVP_MD_CTX_md(&ctx_tmp);
                                EVP_DigestFinal(&ctx_tmp,md_data,&md_len);
                                digest=M_ASN1_OCTET_STRING_new();
                                M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
@@ -668,6 +694,7 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
 
        /* Lets verify */
        X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+       X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
        i=X509_verify_cert(ctx);
        if (i <= 0) 
                {
@@ -719,7 +746,7 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                                                        PKCS7_R_INTERNAL_ERROR);
                        goto err;
                        }
-               if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type)
+               if (EVP_MD_CTX_type(mdc) == md_type)
                        break;
                btmp=btmp->next_bio;    
                }