More S/MIME tidy. Place some common attribute operations in utility

	sk_X509_ALGOR_push (sk, alg);

	return 1;

}

int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)

	{

	if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))

		return 0;

	if (!coid)

		coid = OBJ_nid2obj(NID_pkcs7_data);

	return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,

				V_ASN1_OBJECT, coid);

	}

int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)

	{

	if (!t && !(t=X509_gmtime_adj(NULL,0)))

		{

		PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,

				ERR_R_MALLOC_FAILURE);

		return 0;

		}

	return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,

						V_ASN1_UTCTIME, t);

	}

int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,

				const unsigned char *md, int mdlen)

	{

	ASN1_OCTET_STRING *os;

	os = ASN1_OCTET_STRING_new();

	if (!os)

		return 0;

	if (!ASN1_STRING_set(os, md, mdlen)

		|| PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,

						V_ASN1_OCTET_STRING, os))

		{

		ASN1_OCTET_STRING_free(os);

		return 0;

		}

	return 1;

	}

	return NULL;

	}

static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)

	{

	unsigned char md_data[EVP_MAX_MD_SIZE];

	unsigned int md_len;

	/* Add signing time if not already present */

	if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime))

		{

		if (!PKCS7_add0_attrib_signing_time(si, NULL))

			{

			PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB,

					ERR_R_MALLOC_FAILURE);

			return 0;

			}

		}

	/* Add digest */

	EVP_DigestFinal_ex(mctx, md_data,&md_len);

	if (!PKCS7_add1_attrib_digest(si, md_data, md_len))

		{

		PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);

		return 0;

		}

	/* Now sign the attributes */

	if (!PKCS7_SIGNER_INFO_sign(si))

			return 0;

	return 1;

	}

int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)

	{

	int ret=0;

	int i,j;

	BIO *btmp;

	BUF_MEM *buf_mem=NULL;

	BUF_MEM *buf=NULL;

	PKCS7_SIGNER_INFO *si;

	EVP_MD_CTX *mdc,ctx_tmp;

	STACK_OF(X509_ATTRIBUTE) *sk;

	if (si_sk != NULL)

		{

		if ((buf=BUF_MEM_new()) == NULL)

			{

			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);

			goto err;

			}

		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)

			{

			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);

			if (si->pkey == NULL) continue;

			if (si->pkey == NULL)

				continue;

			j = OBJ_obj2nid(si->digest_alg->algorithm);

			/* We now have the EVP_MD_CTX, lets do the

			 * signing. */

			EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);

			if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))

				{

				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);

				goto err;

				}

			sk=si->auth_attr;

			/* If there are attributes, we add the digest

			 * attribute and only sign the attributes */

			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))

				{

				unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;

				unsigned int md_len, alen;

				ASN1_OCTET_STRING *digest;

				ASN1_UTCTIME *sign_time;

				const EVP_MD *md_tmp;

				/* Add signing time if not already present */

				if (!PKCS7_get_signed_attribute(si,

							NID_pkcs9_signingTime))

					{

					if (!(sign_time=X509_gmtime_adj(NULL,0)))

						{

						PKCS7err(PKCS7_F_PKCS7_DATAFINAL,

							ERR_R_MALLOC_FAILURE);

						goto err;

						}

					PKCS7_add_signed_attribute(si,

						NID_pkcs9_signingTime,

						V_ASN1_UTCTIME,sign_time);

					}

				/* Add digest */

				md_tmp=EVP_MD_CTX_md(&ctx_tmp);

				EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);

				if (!(digest=M_ASN1_OCTET_STRING_new()))

			if (sk_X509_ATTRIBUTE_num(sk) > 0)

				{

					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,

						ERR_R_MALLOC_FAILURE);

				if (!do_pkcs7_signed_attrib(si, &ctx_tmp))

					goto err;

				}

				if (!M_ASN1_OCTET_STRING_set(digest,md_data,

								md_len))

			else

				{

					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,

						ERR_R_MALLOC_FAILURE);

				unsigned char *abuf = NULL;

				unsigned int abuflen;

				abuflen = EVP_PKEY_size(si->pkey);

				abuf = OPENSSL_malloc(abuflen);

				if (!abuf)

					goto err;

					}

				PKCS7_add_signed_attribute(si,

					NID_pkcs9_messageDigest,

					V_ASN1_OCTET_STRING,digest);

				/* Now sign the attributes */

				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);

				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,

							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));

				if(!abuf) goto err;

				EVP_SignUpdate(&ctx_tmp,abuf,alen);

				OPENSSL_free(abuf);

				}

			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,

				(unsigned int *)&buf->length,si->pkey))

				if (!EVP_SignFinal(&ctx_tmp, abuf, &abuflen,

							si->pkey))

					{

				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);

					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,

							ERR_R_EVP_LIB);

					goto err;

					}

			if (!ASN1_STRING_set(si->enc_digest,

				(unsigned char *)buf->data,buf->length))

				{

				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);

				goto err;

				ASN1_STRING_set0(si->enc_digest, abuf, abuflen);

				}

			}

		}

	if (!PKCS7_is_detached(p7))

		{

		char *cont;

		long contlen;

		btmp=BIO_find_type(bio,BIO_TYPE_MEM);

		if (btmp == NULL)

			{

			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);

			goto err;

			}

		BIO_get_mem_ptr(btmp,&buf_mem);

		contlen = BIO_get_mem_data(btmp, &cont);

		/* Mark the BIO read only then we can use its copy of the data

		 * instead of making an extra copy.

		 */

		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);

		BIO_set_mem_eof_return(btmp, 0);

		os->data = (unsigned char *)buf_mem->data;

		os->length = buf_mem->length;

#if 0

		M_ASN1_OCTET_STRING_set(os,

			(unsigned char *)buf_mem->data,buf_mem->length);

#endif

		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);

		}

	ret=1;

err:

	EVP_MD_CTX_cleanup(&ctx_tmp);

	if (buf != NULL) BUF_MEM_free(buf);

	return(ret);

	}

int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)

	{

	EVP_MD_CTX mctx;

	unsigned char *abuf = NULL;

	int alen;

	unsigned int siglen;

	const EVP_MD *md = NULL;

	md = EVP_get_digestbyobj(si->digest_alg->algorithm);

	if (md == NULL)

		return 0;

	EVP_MD_CTX_init(&mctx);

	if (!EVP_SignInit_ex(&mctx,md,NULL))

		goto err;

	alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr,&abuf,

				ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));

	if(!abuf)

		goto err;

	if (!EVP_SignUpdate(&mctx,abuf,alen))

		goto err;

	OPENSSL_free(abuf);

	abuf = OPENSSL_malloc(EVP_PKEY_size(si->pkey));

	if(!abuf)

		goto err;

	if (!EVP_SignFinal(&mctx, abuf, &siglen, si->pkey))

		goto err;

	EVP_MD_CTX_cleanup(&mctx);

	ASN1_STRING_set0(si->enc_digest, abuf, siglen);

	abuf = NULL;

	return 1;

	err:

	if (abuf)

		OPENSSL_free(abuf);

	EVP_MD_CTX_cleanup(&mctx);

	return 0;

	}

int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,

	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)

	{

	STACK_OF(X509_ALGOR) *smcap = NULL;

	if(!X509_check_private_key(signcert, pkey))

		{

		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,

		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,

			PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);

                return NULL;

		}

    	if (!(si = PKCS7_add_signature(p7,signcert,pkey, md)))

		{

		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,

		PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,

				PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);

		return NULL;

		}

	if(!(flags & PKCS7_NOATTR))

		{

		if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,

				V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))

		if (!PKCS7_add_attrib_content_type(si, NULL))

			goto err;

		/* Add SMIMECapabilities */

		if(!(flags & PKCS7_NOSMIMECAP))

			{

			if(!(smcap = sk_X509_ALGOR_new_null()))

				{

				PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,

				PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,

					ERR_R_MALLOC_FAILURE);

				goto err;

				}

int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);

int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,

	const EVP_MD *dgst);

int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);

int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);

int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);

int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);

STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);

int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);

int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);

int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);

int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,

				const unsigned char *md, int mdlen);

int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);

PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);

int SMIME_crlf_copy(BIO *in, BIO *out, int flags);

/* Function codes. */

#define PKCS7_F_B64_READ_PKCS7				 120

#define PKCS7_F_B64_WRITE_PKCS7				 121

#define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB			 136

#define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME		 135

#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP		 118

#define PKCS7_F_PKCS7_ADD_CERTIFICATE			 100

#define PKCS7_F_PKCS7_ADD_CRL				 101

#define PKCS7_F_PKCS7_SIGN				 116

#define PKCS7_F_PKCS7_SIGNATUREVERIFY			 113

#define PKCS7_F_PKCS7_SIGNER_INFO_SET			 129

#define PKCS7_F_PKCS7_SIGN_ADD_SIGNER			 137

#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP			 119

#define PKCS7_F_PKCS7_VERIFY				 117

#define PKCS7_F_SMIME_READ_PKCS7			 122

	{

{ERR_FUNC(PKCS7_F_B64_READ_PKCS7),	"B64_READ_PKCS7"},

{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),	"B64_WRITE_PKCS7"},

{ERR_FUNC(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB),	"DO_PKCS7_SIGNED_ATTRIB"},

{ERR_FUNC(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME),	"PKCS7_add0_attrib_signing_time"},

{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),	"PKCS7_add_attrib_smimecap"},

{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),	"PKCS7_add_certificate"},

{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),	"PKCS7_add_crl"},

{ERR_FUNC(PKCS7_F_PKCS7_SIGN),	"PKCS7_sign"},

{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),	"PKCS7_signatureVerify"},

{ERR_FUNC(PKCS7_F_PKCS7_SIGNER_INFO_SET),	"PKCS7_SIGNER_INFO_set"},

{ERR_FUNC(PKCS7_F_PKCS7_SIGN_ADD_SIGNER),	"PKCS7_sign_add_signer"},

{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),	"PKCS7_simple_smimecap"},

{ERR_FUNC(PKCS7_F_PKCS7_VERIFY),	"PKCS7_verify"},

{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),	"SMIME_read_PKCS7"},