Check ASN1_TYPE structure type is a SEQUENCE in PKCS7_get_smimecap().
[openssl.git] / crypto / pkcs7 / pk7_doit.c
1 /* crypto/pkcs7/pk7_doit.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  * 
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  * 
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  * 
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from 
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  * 
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * 
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58
59 #include <stdio.h>
60 #include "cryptlib.h"
61 #include <openssl/rand.h>
62 #include <openssl/objects.h>
63 #include <openssl/x509.h>
64 #include <openssl/x509v3.h>
65
66 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
67                          void *value);
68 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
69
70 static int PKCS7_type_is_other(PKCS7* p7)
71         {
72         int isOther=1;
73         
74         int nid=OBJ_obj2nid(p7->type);
75
76         switch( nid )
77                 {
78         case NID_pkcs7_data:
79         case NID_pkcs7_signed:
80         case NID_pkcs7_enveloped:
81         case NID_pkcs7_signedAndEnveloped:
82         case NID_pkcs7_digest:
83         case NID_pkcs7_encrypted:
84                 isOther=0;
85                 break;
86         default:
87                 isOther=1;
88                 }
89
90         return isOther;
91
92         }
93
94 static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
95         {
96         if ( PKCS7_type_is_data(p7))
97                 return p7->d.data;
98         if ( PKCS7_type_is_other(p7) && p7->d.other
99                 && (p7->d.other->type == V_ASN1_OCTET_STRING))
100                 return p7->d.other->value.octet_string;
101         return NULL;
102         }
103
104 static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
105         {
106         BIO *btmp;
107         const EVP_MD *md;
108         if ((btmp=BIO_new(BIO_f_md())) == NULL)
109                 {
110                 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
111                 goto err;
112                 }
113
114         md=EVP_get_digestbyobj(alg->algorithm);
115         if (md == NULL)
116                 {
117                 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
118                 goto err;
119                 }
120
121         BIO_set_md(btmp,md);
122         if (*pbio == NULL)
123                 *pbio=btmp;
124         else if (!BIO_push(*pbio,btmp))
125                 {
126                 PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
127                 goto err;
128                 }
129         btmp=NULL;
130
131         return 1;
132
133         err:
134         if (btmp)
135                 BIO_free(btmp);
136         return 0;
137
138         }
139
140 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
141         {
142         int i;
143         BIO *out=NULL,*btmp=NULL;
144         X509_ALGOR *xa = NULL;
145         const EVP_CIPHER *evp_cipher=NULL;
146         STACK_OF(X509_ALGOR) *md_sk=NULL;
147         STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
148         X509_ALGOR *xalg=NULL;
149         PKCS7_RECIP_INFO *ri=NULL;
150         EVP_PKEY *pkey;
151         ASN1_OCTET_STRING *os=NULL;
152
153         i=OBJ_obj2nid(p7->type);
154         p7->state=PKCS7_S_HEADER;
155
156         switch (i)
157                 {
158         case NID_pkcs7_signed:
159                 md_sk=p7->d.sign->md_algs;
160                 os = PKCS7_get_octet_string(p7->d.sign->contents);
161                 break;
162         case NID_pkcs7_signedAndEnveloped:
163                 rsk=p7->d.signed_and_enveloped->recipientinfo;
164                 md_sk=p7->d.signed_and_enveloped->md_algs;
165                 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
166                 evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
167                 if (evp_cipher == NULL)
168                         {
169                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,
170                                                 PKCS7_R_CIPHER_NOT_INITIALIZED);
171                         goto err;
172                         }
173                 break;
174         case NID_pkcs7_enveloped:
175                 rsk=p7->d.enveloped->recipientinfo;
176                 xalg=p7->d.enveloped->enc_data->algorithm;
177                 evp_cipher=p7->d.enveloped->enc_data->cipher;
178                 if (evp_cipher == NULL)
179                         {
180                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,
181                                                 PKCS7_R_CIPHER_NOT_INITIALIZED);
182                         goto err;
183                         }
184                 break;
185         case NID_pkcs7_digest:
186                 xa = p7->d.digest->md;
187                 os = PKCS7_get_octet_string(p7->d.digest->contents);
188                 break;
189         default:
190                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
191                 goto err;
192                 }
193
194         for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
195                 if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
196                         goto err;
197
198         if (xa && !PKCS7_bio_add_digest(&out, xa))
199                         goto err;
200
201         if (evp_cipher != NULL)
202                 {
203                 unsigned char key[EVP_MAX_KEY_LENGTH];
204                 unsigned char iv[EVP_MAX_IV_LENGTH];
205                 int keylen,ivlen;
206                 int jj,max;
207                 unsigned char *tmp;
208                 EVP_CIPHER_CTX *ctx;
209
210                 if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
211                         {
212                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
213                         goto err;
214                         }
215                 BIO_get_cipher_ctx(btmp, &ctx);
216                 keylen=EVP_CIPHER_key_length(evp_cipher);
217                 ivlen=EVP_CIPHER_iv_length(evp_cipher);
218                 xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
219                 if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen);
220                 if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
221                         goto err;
222                 if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
223                         goto err;
224                 if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
225                         goto err;
226
227                 if (ivlen > 0) {
228                         if (xalg->parameter == NULL) 
229                                                 xalg->parameter=ASN1_TYPE_new();
230                         if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
231                                                                        goto err;
232                 }
233
234                 /* Lets do the pub key stuff :-) */
235                 max=0;
236                 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
237                         {
238                         ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
239                         if (ri->cert == NULL)
240                                 {
241                                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
242                                 goto err;
243                                 }
244                         pkey=X509_get_pubkey(ri->cert);
245                         jj=EVP_PKEY_size(pkey);
246                         EVP_PKEY_free(pkey);
247                         if (max < jj) max=jj;
248                         }
249                 if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
250                         {
251                         PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
252                         goto err;
253                         }
254                 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
255                         {
256                         ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
257                         pkey=X509_get_pubkey(ri->cert);
258                         jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
259                         EVP_PKEY_free(pkey);
260                         if (jj <= 0)
261                                 {
262                                 PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
263                                 OPENSSL_free(tmp);
264                                 goto err;
265                                 }
266                         M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
267                         }
268                 OPENSSL_free(tmp);
269                 OPENSSL_cleanse(key, keylen);
270
271                 if (out == NULL)
272                         out=btmp;
273                 else
274                         BIO_push(out,btmp);
275                 btmp=NULL;
276                 }
277
278         if (bio == NULL)
279                 {
280                 if (PKCS7_is_detached(p7))
281                         bio=BIO_new(BIO_s_null());
282                 else if (os && os->length > 0)
283                         bio = BIO_new_mem_buf(os->data, os->length);
284                 if(bio == NULL)
285                         {
286                         bio=BIO_new(BIO_s_mem());
287                         BIO_set_mem_eof_return(bio,0);
288                         }
289                 }
290         BIO_push(out,bio);
291         bio=NULL;
292         if (0)
293                 {
294 err:
295                 if (out != NULL)
296                         BIO_free_all(out);
297                 if (btmp != NULL)
298                         BIO_free_all(btmp);
299                 out=NULL;
300                 }
301         return(out);
302         }
303
304 /* int */
305 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
306         {
307         int i,j;
308         BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
309         unsigned char *tmp=NULL;
310         X509_ALGOR *xa;
311         ASN1_OCTET_STRING *data_body=NULL;
312         const EVP_MD *evp_md;
313         const EVP_CIPHER *evp_cipher=NULL;
314         EVP_CIPHER_CTX *evp_ctx=NULL;
315         X509_ALGOR *enc_alg=NULL;
316         STACK_OF(X509_ALGOR) *md_sk=NULL;
317         STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
318         X509_ALGOR *xalg=NULL;
319         PKCS7_RECIP_INFO *ri=NULL;
320
321         i=OBJ_obj2nid(p7->type);
322         p7->state=PKCS7_S_HEADER;
323
324         switch (i)
325                 {
326         case NID_pkcs7_signed:
327                 data_body=PKCS7_get_octet_string(p7->d.sign->contents);
328                 md_sk=p7->d.sign->md_algs;
329                 break;
330         case NID_pkcs7_signedAndEnveloped:
331                 rsk=p7->d.signed_and_enveloped->recipientinfo;
332                 md_sk=p7->d.signed_and_enveloped->md_algs;
333                 data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
334                 enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
335                 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
336                 if (evp_cipher == NULL)
337                         {
338                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
339                         goto err;
340                         }
341                 xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
342                 break;
343         case NID_pkcs7_enveloped:
344                 rsk=p7->d.enveloped->recipientinfo;
345                 enc_alg=p7->d.enveloped->enc_data->algorithm;
346                 data_body=p7->d.enveloped->enc_data->enc_data;
347                 evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
348                 if (evp_cipher == NULL)
349                         {
350                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
351                         goto err;
352                         }
353                 xalg=p7->d.enveloped->enc_data->algorithm;
354                 break;
355         default:
356                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
357                 goto err;
358                 }
359
360         /* We will be checking the signature */
361         if (md_sk != NULL)
362                 {
363                 for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
364                         {
365                         xa=sk_X509_ALGOR_value(md_sk,i);
366                         if ((btmp=BIO_new(BIO_f_md())) == NULL)
367                                 {
368                                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
369                                 goto err;
370                                 }
371
372                         j=OBJ_obj2nid(xa->algorithm);
373                         evp_md=EVP_get_digestbynid(j);
374                         if (evp_md == NULL)
375                                 {
376                                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
377                                 goto err;
378                                 }
379
380                         BIO_set_md(btmp,evp_md);
381                         if (out == NULL)
382                                 out=btmp;
383                         else
384                                 BIO_push(out,btmp);
385                         btmp=NULL;
386                         }
387                 }
388
389         if (evp_cipher != NULL)
390                 {
391 #if 0
392                 unsigned char key[EVP_MAX_KEY_LENGTH];
393                 unsigned char iv[EVP_MAX_IV_LENGTH];
394                 unsigned char *p;
395                 int keylen,ivlen;
396                 int max;
397                 X509_OBJECT ret;
398 #endif
399                 int jj;
400
401                 if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
402                         {
403                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
404                         goto err;
405                         }
406
407                 /* It was encrypted, we need to decrypt the secret key
408                  * with the private key */
409
410                 /* Find the recipientInfo which matches the passed certificate
411                  * (if any)
412                  */
413
414                 for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
415                         ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
416                         if(!X509_NAME_cmp(ri->issuer_and_serial->issuer,
417                                         pcert->cert_info->issuer) &&
418                              !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
419                                         ri->issuer_and_serial->serial)) break;
420                         ri=NULL;
421                 }
422                 if (ri == NULL) {
423                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,
424                                  PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
425                         goto err;
426                 }
427
428                 jj=EVP_PKEY_size(pkey);
429                 tmp=(unsigned char *)OPENSSL_malloc(jj+10);
430                 if (tmp == NULL)
431                         {
432                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
433                         goto err;
434                         }
435
436                 jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key),
437                         M_ASN1_STRING_length(ri->enc_key), pkey);
438                 if (jj <= 0)
439                         {
440                         PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB);
441                         goto err;
442                         }
443
444                 evp_ctx=NULL;
445                 BIO_get_cipher_ctx(etmp,&evp_ctx);
446                 if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
447                         goto err;
448                 if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
449                         goto err;
450
451                 if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
452                         /* Some S/MIME clients don't use the same key
453                          * and effective key length. The key length is
454                          * determined by the size of the decrypted RSA key.
455                          */
456                         if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
457                                 {
458                                 PKCS7err(PKCS7_F_PKCS7_DATADECODE,
459                                         PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
460                                 goto err;
461                                 }
462                 } 
463                 if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
464                         goto err;
465
466                 OPENSSL_cleanse(tmp,jj);
467
468                 if (out == NULL)
469                         out=etmp;
470                 else
471                         BIO_push(out,etmp);
472                 etmp=NULL;
473                 }
474
475 #if 1
476         if (PKCS7_is_detached(p7) || (in_bio != NULL))
477                 {
478                 bio=in_bio;
479                 }
480         else 
481                 {
482 #if 0
483                 bio=BIO_new(BIO_s_mem());
484                 /* We need to set this so that when we have read all
485                  * the data, the encrypt BIO, if present, will read
486                  * EOF and encode the last few bytes */
487                 BIO_set_mem_eof_return(bio,0);
488
489                 if (data_body->length > 0)
490                         BIO_write(bio,(char *)data_body->data,data_body->length);
491 #else
492                 if (data_body->length > 0)
493                       bio = BIO_new_mem_buf(data_body->data,data_body->length);
494                 else {
495                         bio=BIO_new(BIO_s_mem());
496                         BIO_set_mem_eof_return(bio,0);
497                 }
498 #endif
499                 }
500         BIO_push(out,bio);
501         bio=NULL;
502 #endif
503         if (0)
504                 {
505 err:
506                 if (out != NULL) BIO_free_all(out);
507                 if (btmp != NULL) BIO_free_all(btmp);
508                 if (etmp != NULL) BIO_free_all(etmp);
509                 if (bio != NULL) BIO_free_all(bio);
510                 out=NULL;
511                 }
512         if (tmp != NULL)
513                 OPENSSL_free(tmp);
514         return(out);
515         }
516
517 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
518         {
519         for (;;)
520                 {
521                 bio=BIO_find_type(bio,BIO_TYPE_MD);
522                 if (bio == NULL)
523                         {
524                         PKCS7err(PKCS7_F_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
525                         return NULL;    
526                         }
527                 BIO_get_md_ctx(bio,pmd);
528                 if (*pmd == NULL)
529                         {
530                         PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR);
531                         return NULL;
532                         }       
533                 if (EVP_MD_CTX_type(*pmd) == nid)
534                         return bio;
535                 bio=BIO_next(bio);
536                 }
537         return NULL;
538         }
539
540 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
541         {
542         int ret=0;
543         int i,j;
544         BIO *btmp;
545         BUF_MEM *buf_mem=NULL;
546         BUF_MEM *buf=NULL;
547         PKCS7_SIGNER_INFO *si;
548         EVP_MD_CTX *mdc,ctx_tmp;
549         STACK_OF(X509_ATTRIBUTE) *sk;
550         STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
551         ASN1_OCTET_STRING *os=NULL;
552
553         EVP_MD_CTX_init(&ctx_tmp);
554         i=OBJ_obj2nid(p7->type);
555         p7->state=PKCS7_S_HEADER;
556
557         switch (i)
558                 {
559         case NID_pkcs7_signedAndEnveloped:
560                 /* XXXXXXXXXXXXXXXX */
561                 si_sk=p7->d.signed_and_enveloped->signer_info;
562                 os=M_ASN1_OCTET_STRING_new();
563                 p7->d.signed_and_enveloped->enc_data->enc_data=os;
564                 break;
565         case NID_pkcs7_enveloped:
566                 /* XXXXXXXXXXXXXXXX */
567                 os=M_ASN1_OCTET_STRING_new();
568                 p7->d.enveloped->enc_data->enc_data=os;
569                 break;
570         case NID_pkcs7_signed:
571                 si_sk=p7->d.sign->signer_info;
572                 os=PKCS7_get_octet_string(p7->d.sign->contents);
573                 /* If detached data then the content is excluded */
574                 if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
575                         M_ASN1_OCTET_STRING_free(os);
576                         p7->d.sign->contents->d.data = NULL;
577                 }
578                 break;
579
580         case NID_pkcs7_digest:
581                 os=PKCS7_get_octet_string(p7->d.digest->contents);
582                 /* If detached data then the content is excluded */
583                 if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
584                         {
585                         M_ASN1_OCTET_STRING_free(os);
586                         p7->d.digest->contents->d.data = NULL;
587                         }
588                 break;
589
590                 }
591
592         if (si_sk != NULL)
593                 {
594                 if ((buf=BUF_MEM_new()) == NULL)
595                         {
596                         PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
597                         goto err;
598                         }
599                 for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
600                         {
601                         si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
602                         if (si->pkey == NULL) continue;
603
604                         j=OBJ_obj2nid(si->digest_alg->algorithm);
605
606                         btmp=bio;
607
608                         btmp = PKCS7_find_digest(&mdc, btmp, j);
609
610                         if (btmp == NULL)
611                                 goto err;
612
613                         /* We now have the EVP_MD_CTX, lets do the
614                          * signing. */
615                         EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
616                         if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
617                                 {
618                                 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB);
619                                 goto err;
620                                 }
621
622                         sk=si->auth_attr;
623
624                         /* If there are attributes, we add the digest
625                          * attribute and only sign the attributes */
626                         if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
627                                 {
628                                 unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
629                                 unsigned int md_len, alen;
630                                 ASN1_OCTET_STRING *digest;
631                                 ASN1_UTCTIME *sign_time;
632                                 const EVP_MD *md_tmp;
633
634                                 /* Add signing time if not already present */
635                                 if (!PKCS7_get_signed_attribute(si,
636                                                         NID_pkcs9_signingTime))
637                                         {
638                                         sign_time=X509_gmtime_adj(NULL,0);
639                                         PKCS7_add_signed_attribute(si,
640                                                 NID_pkcs9_signingTime,
641                                                 V_ASN1_UTCTIME,sign_time);
642                                         }
643
644                                 /* Add digest */
645                                 md_tmp=EVP_MD_CTX_md(&ctx_tmp);
646                                 EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
647                                 digest=M_ASN1_OCTET_STRING_new();
648                                 M_ASN1_OCTET_STRING_set(digest,md_data,md_len);
649                                 PKCS7_add_signed_attribute(si,
650                                         NID_pkcs9_messageDigest,
651                                         V_ASN1_OCTET_STRING,digest);
652
653                                 /* Now sign the attributes */
654                                 EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
655                                 alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
656                                                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
657                                 if(!abuf) goto err;
658                                 EVP_SignUpdate(&ctx_tmp,abuf,alen);
659                                 OPENSSL_free(abuf);
660                                 }
661
662 #ifndef OPENSSL_NO_DSA
663                         if (si->pkey->type == EVP_PKEY_DSA)
664                                 ctx_tmp.digest=EVP_dss1();
665 #endif
666 #ifndef OPENSSL_NO_ECDSA
667                         if (si->pkey->type == EVP_PKEY_EC)
668                                 ctx_tmp.digest=EVP_ecdsa();
669 #endif
670
671                         if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
672                                 (unsigned int *)&buf->length,si->pkey))
673                                 {
674                                 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB);
675                                 goto err;
676                                 }
677                         if (!ASN1_STRING_set(si->enc_digest,
678                                 (unsigned char *)buf->data,buf->length))
679                                 {
680                                 PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB);
681                                 goto err;
682                                 }
683                         }
684                 }
685         else if (i == NID_pkcs7_digest)
686                 {
687                 unsigned char md_data[EVP_MAX_MD_SIZE];
688                 unsigned int md_len;
689                 if (!PKCS7_find_digest(&mdc, bio,
690                                 OBJ_obj2nid(p7->d.digest->md->algorithm)))
691                         goto err;
692                 EVP_DigestFinal_ex(mdc,md_data,&md_len);
693                 M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
694                 }
695
696         if (!PKCS7_is_detached(p7))
697                 {
698                 btmp=BIO_find_type(bio,BIO_TYPE_MEM);
699                 if (btmp == NULL)
700                         {
701                         PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
702                         goto err;
703                         }
704                 BIO_get_mem_ptr(btmp,&buf_mem);
705                 /* Mark the BIO read only then we can use its copy of the data
706                  * instead of making an extra copy.
707                  */
708                 BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
709                 BIO_set_mem_eof_return(btmp, 0);
710                 os->data = (unsigned char *)buf_mem->data;
711                 os->length = buf_mem->length;
712 #if 0
713                 M_ASN1_OCTET_STRING_set(os,
714                         (unsigned char *)buf_mem->data,buf_mem->length);
715 #endif
716                 }
717         ret=1;
718 err:
719         EVP_MD_CTX_cleanup(&ctx_tmp);
720         if (buf != NULL) BUF_MEM_free(buf);
721         return(ret);
722         }
723
724 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
725              PKCS7 *p7, PKCS7_SIGNER_INFO *si)
726         {
727         PKCS7_ISSUER_AND_SERIAL *ias;
728         int ret=0,i;
729         STACK_OF(X509) *cert;
730         X509 *x509;
731
732         if (PKCS7_type_is_signed(p7))
733                 {
734                 cert=p7->d.sign->cert;
735                 }
736         else if (PKCS7_type_is_signedAndEnveloped(p7))
737                 {
738                 cert=p7->d.signed_and_enveloped->cert;
739                 }
740         else
741                 {
742                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
743                 goto err;
744                 }
745         /* XXXXXXXXXXXXXXXXXXXXXXX */
746         ias=si->issuer_and_serial;
747
748         x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
749
750         /* were we able to find the cert in passed to us */
751         if (x509 == NULL)
752                 {
753                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
754                 goto err;
755                 }
756
757         /* Lets verify */
758         if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
759                 {
760                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
761                 goto err;
762                 }
763         X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
764         i=X509_verify_cert(ctx);
765         if (i <= 0) 
766                 {
767                 PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
768                 X509_STORE_CTX_cleanup(ctx);
769                 goto err;
770                 }
771         X509_STORE_CTX_cleanup(ctx);
772
773         return PKCS7_signatureVerify(bio, p7, si, x509);
774         err:
775         return ret;
776         }
777
778 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
779                                                                 X509 *x509)
780         {
781         ASN1_OCTET_STRING *os;
782         EVP_MD_CTX mdc_tmp,*mdc;
783         int ret=0,i;
784         int md_type;
785         STACK_OF(X509_ATTRIBUTE) *sk;
786         BIO *btmp;
787         EVP_PKEY *pkey;
788
789         EVP_MD_CTX_init(&mdc_tmp);
790
791         if (!PKCS7_type_is_signed(p7) && 
792                                 !PKCS7_type_is_signedAndEnveloped(p7)) {
793                 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
794                                                 PKCS7_R_WRONG_PKCS7_TYPE);
795                 goto err;
796         }
797
798         md_type=OBJ_obj2nid(si->digest_alg->algorithm);
799
800         btmp=bio;
801         for (;;)
802                 {
803                 if ((btmp == NULL) ||
804                         ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
805                         {
806                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
807                                         PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
808                         goto err;
809                         }
810                 BIO_get_md_ctx(btmp,&mdc);
811                 if (mdc == NULL)
812                         {
813                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
814                                                         ERR_R_INTERNAL_ERROR);
815                         goto err;
816                         }
817                 if (EVP_MD_CTX_type(mdc) == md_type)
818                         break;
819                 /* Workaround for some broken clients that put the signature
820                  * OID instead of the digest OID in digest_alg->algorithm
821                  */
822                 if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
823                         break;
824                 btmp=BIO_next(btmp);
825                 }
826
827         /* mdc is the digest ctx that we want, unless there are attributes,
828          * in which case the digest is the signed attributes */
829         EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
830
831         sk=si->auth_attr;
832         if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
833                 {
834                 unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
835                 unsigned int md_len, alen;
836                 ASN1_OCTET_STRING *message_digest;
837
838                 EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
839                 message_digest=PKCS7_digest_from_attributes(sk);
840                 if (!message_digest)
841                         {
842                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
843                                         PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
844                         goto err;
845                         }
846                 if ((message_digest->length != (int)md_len) ||
847                         (memcmp(message_digest->data,md_dat,md_len)))
848                         {
849 #if 0
850 {
851 int ii;
852 for (ii=0; ii<message_digest->length; ii++)
853         printf("%02X",message_digest->data[ii]); printf(" sent\n");
854 for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
855 }
856 #endif
857                         PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
858                                                         PKCS7_R_DIGEST_FAILURE);
859                         ret= -1;
860                         goto err;
861                         }
862
863                 EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
864
865                 alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
866                                                 ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
867                 EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
868
869                 OPENSSL_free(abuf);
870                 }
871
872         os=si->enc_digest;
873         pkey = X509_get_pubkey(x509);
874         if (!pkey)
875                 {
876                 ret = -1;
877                 goto err;
878                 }
879 #ifndef OPENSSL_NO_DSA
880         if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
881 #endif
882 #ifndef OPENSSL_NO_ECDSA
883         if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
884 #endif
885
886         i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
887         EVP_PKEY_free(pkey);
888         if (i <= 0)
889                 {
890                 PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
891                                                 PKCS7_R_SIGNATURE_FAILURE);
892                 ret= -1;
893                 goto err;
894                 }
895         else
896                 ret=1;
897 err:
898         EVP_MD_CTX_cleanup(&mdc_tmp);
899         return(ret);
900         }
901
902 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
903         {
904         STACK_OF(PKCS7_RECIP_INFO) *rsk;
905         PKCS7_RECIP_INFO *ri;
906         int i;
907
908         i=OBJ_obj2nid(p7->type);
909         if (i != NID_pkcs7_signedAndEnveloped) return(NULL);
910         rsk=p7->d.signed_and_enveloped->recipientinfo;
911         ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
912         if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
913         ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
914         return(ri->issuer_and_serial);
915         }
916
917 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
918         {
919         return(get_attribute(si->auth_attr,nid));
920         }
921
922 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
923         {
924         return(get_attribute(si->unauth_attr,nid));
925         }
926
927 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
928         {
929         int i;
930         X509_ATTRIBUTE *xa;
931         ASN1_OBJECT *o;
932
933         o=OBJ_nid2obj(nid);
934         if (!o || !sk) return(NULL);
935         for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
936                 {
937                 xa=sk_X509_ATTRIBUTE_value(sk,i);
938                 if (OBJ_cmp(xa->object,o) == 0)
939                         {
940                         if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
941                                 return(sk_ASN1_TYPE_value(xa->value.set,0));
942                         else
943                                 return(NULL);
944                         }
945                 }
946         return(NULL);
947         }
948
949 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
950 {
951         ASN1_TYPE *astype;
952         if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
953         return astype->value.octet_string;
954 }
955
956 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
957                                 STACK_OF(X509_ATTRIBUTE) *sk)
958         {
959         int i;
960
961         if (p7si->auth_attr != NULL)
962                 sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
963         p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
964         for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
965                 {
966                 if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
967                         X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
968                     == NULL)
969                         return(0);
970                 }
971         return(1);
972         }
973
974 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
975         {
976         int i;
977
978         if (p7si->unauth_attr != NULL)
979                 sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
980                                            X509_ATTRIBUTE_free);
981         p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
982         for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
983                 {
984                 if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
985                         X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
986                     == NULL)
987                         return(0);
988                 }
989         return(1);
990         }
991
992 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
993              void *value)
994         {
995         return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
996         }
997
998 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
999              void *value)
1000         {
1001         return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
1002         }
1003
1004 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
1005                          void *value)
1006         {
1007         X509_ATTRIBUTE *attr=NULL;
1008
1009         if (*sk == NULL)
1010                 {
1011                 *sk = sk_X509_ATTRIBUTE_new_null();
1012 new_attrib:
1013                 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
1014                 sk_X509_ATTRIBUTE_push(*sk,attr);
1015                 }
1016         else
1017                 {
1018                 int i;
1019
1020                 for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
1021                         {
1022                         attr=sk_X509_ATTRIBUTE_value(*sk,i);
1023                         if (OBJ_obj2nid(attr->object) == nid)
1024                                 {
1025                                 X509_ATTRIBUTE_free(attr);
1026                                 attr=X509_ATTRIBUTE_create(nid,atrtype,value);
1027                                 sk_X509_ATTRIBUTE_set(*sk,i,attr);
1028                                 goto end;
1029                                 }
1030                         }
1031                 goto new_attrib;
1032                 }
1033 end:
1034         return(1);
1035         }
1036