diff options
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/pkcs12/pk12err.c | 2 | ||||
-rw-r--r-- | crypto/pkcs7/Makefile.ssl | 4 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_attr.c | 85 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_doit.c | 2 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_mime.c | 673 | ||||
-rw-r--r-- | crypto/pkcs7/pk7_smime.c | 392 | ||||
-rw-r--r-- | crypto/pkcs7/pkcs7.h | 75 | ||||
-rw-r--r-- | crypto/pkcs7/pkcs7err.c | 35 |
8 files changed, 1265 insertions, 3 deletions
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index 00140a4779..9d8de10e1e 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -79,7 +79,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]= {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, -{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_NEWPASS"}, +{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, {ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl index ea60491529..b57c68fd36 100644 --- a/crypto/pkcs7/Makefile.ssl +++ b/crypto/pkcs7/Makefile.ssl @@ -25,8 +25,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c -LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o +LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c +LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o SRC= $(LIBSRC) diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c new file mode 100644 index 0000000000..3b9c0fe3f2 --- /dev/null +++ b/crypto/pkcs7/pk7_attr.c @@ -0,0 +1,85 @@ +/* pk7_attr.c */ +/* S/MIME code. + * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) + * All Rights Reserved. + * Redistribution of this code without the authors permission is expressly + * prohibited. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <openssl/bio.h> +#include <openssl/asn1.h> +#include <openssl/pem.h> +#include <openssl/pkcs7.h> +#include <openssl/err.h> + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap) +{ + ASN1_STRING *seq; + unsigned char *p, *pp; + int len; + len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(pp=(unsigned char *)Malloc(len))) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + p=pp; + i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(seq = ASN1_STRING_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!ASN1_STRING_set (seq, pp, len)) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + Free (pp); + return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq); +} + +STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) +{ + ASN1_TYPE *cap; + unsigned char *p; + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); + if (!cap) return NULL; + p = cap->value.sequence->data; + return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length, + (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL); +} + +/* Basic smime-capabilities OID and optional integer arg */ +int PKCS7_simple_smimecap(STACK *sk, int nid, int arg) +{ + X509_ALGOR *alg; + if(!(alg = X509_ALGOR_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = OBJ_nid2obj (nid); + if (arg > 0) { + ASN1_INTEGER *nbit; + if(!(alg->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!(nbit = ASN1_INTEGER_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!ASN1_INTEGER_set (nbit, arg)) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + alg->parameter->value.integer = nbit; + alg->parameter->type = V_ASN1_INTEGER; + } + sk_push (sk, (char *)alg); + return 1; +} diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 7feb01230e..acc9cc4a47 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -61,6 +61,7 @@ #include <openssl/rand.h> #include <openssl/objects.h> #include <openssl/x509.h> +#include <openssl/x509v3.h> static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); @@ -680,6 +681,7 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, /* Lets verify */ X509_STORE_CTX_init(ctx,cert_store,x509,cert); + X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); i=X509_verify_cert(ctx); if (i <= 0) { diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c new file mode 100644 index 0000000000..f346259b92 --- /dev/null +++ b/crypto/pkcs7/pk7_mime.c @@ -0,0 +1,673 @@ +/* pk7_mime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <ctype.h> +#include "cryptlib.h" +#include <openssl/rand.h> +#include <openssl/x509.h> + +/* MIME and related routines */ + +/* MIME format structures + * Note that all are translated to lower case apart from + * parameter values. Quotes are stripped off + */ + +typedef struct { +char *name; /* Name of line e.g. "content-type" */ +char *value; /* Value of line e.g. "text/plain" */ +STACK /* MIME_PARAM */ *params; /* Zero or more parameters */ +} MIME_HEADER; + +typedef struct { +char *param_name; /* Param name e.g. "micalg" */ +char *param_value; /* Param value e.g. "sha1" */ +} MIME_PARAM; + + +static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); +static PKCS7 *B64_read_PKCS7(BIO *bio); +static char * strip_ends(char *name); +static char * strip_start(char *name); +static char * strip_end(char *name); +static MIME_HEADER *mime_hdr_new(char *name, char *value); +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); +static STACK *mime_parse_hdr(BIO *bio); +static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b); +static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b); +static void mime_param_free(MIME_PARAM *param); +static int mime_bound_check(char *line, int linelen, char *bound, int blen); +static int multi_split(BIO *bio, char *bound, STACK **ret); +static int iscrlf(char c); +static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name); +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); +static void mime_hdr_free(MIME_HEADER *hdr); + +#define MAX_SMLEN 1024 +#define mime_debug(x) /* x */ + + +typedef void (*stkfree)(); + +/* Base 64 read and write of PKCS#7 structure */ + +static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) +{ + BIO *b64; + if(!(b64 = BIO_new(BIO_f_base64()))) { + PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + i2d_PKCS7_bio(bio, p7); + BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return 1; +} + +static PKCS7 *B64_read_PKCS7(BIO *bio) +{ + BIO *b64; + PKCS7 *p7; + if(!(b64 = BIO_new(BIO_f_base64()))) { + PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + if(!(p7 = d2i_PKCS7_bio(bio, NULL))) + PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); + BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return p7; +} + +/* SMIME sender */ + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) +{ + char linebuf[MAX_SMLEN]; + char bound[33], c; + int i; + if((flags & PKCS7_DETACHED) && data) { + /* We want multipart/signed */ + /* Generate a random boundary */ + RAND_bytes((unsigned char *)bound, 32); + for(i = 0; i < 32; i++) { + c = bound[i] & 0xf; + if(c < 10) c += '0'; + else c += 'A' - 10; + bound[i] = c; + } + bound[32] = 0; + BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "Content-Type: multipart/signed ; "); + BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); + BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); + BIO_printf(bio, "This is an S/MIME signed message\n\n"); + /* Now write out the first part */ + BIO_printf(bio, "------%s\r\n", bound); + if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); + while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) + BIO_write(bio, linebuf, i); + BIO_printf(bio, "\n------%s\n", bound); + + /* Headers for signature */ + + BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); + BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); + BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); + B64_write_PKCS7(bio, p7); + BIO_printf(bio,"\n------%s--\n\n", bound); + return 1; + } + /* MIME headers */ + BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); + BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); + BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); + B64_write_PKCS7(bio, p7); + BIO_printf(bio, "\n"); + return 1; +} + +/* SMIME reader: handle multipart/signed and opaque signing. + * in multipart case the content is placed in a memory BIO + * pointed to by "bcont". In opaque this is set to NULL + */ + +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) +{ + BIO *p7in; + STACK *headers = NULL; + STACK *parts = NULL; + MIME_HEADER *hdr; + MIME_PARAM *prm; + PKCS7 *p7; + int ret; + + if(bcont) *bcont = NULL; + + if (!(headers = mime_parse_hdr(bio))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR); + return NULL; + } + + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); + return NULL; + } + + /* Handle multipart/signed */ + + if(!strcmp(hdr->value, "multipart/signed")) { + /* Split into two parts */ + prm = mime_param_find(hdr, "boundary"); + if(!prm || !prm->param_value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); + return NULL; + } + ret = multi_split(bio, prm->param_value, &parts); + sk_pop_free(headers, mime_hdr_free); + if(!ret || (sk_num(parts) != 2) ) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + /* Parse the signature piece */ + p7in = (BIO *)sk_value(parts, 1); + + if (!(headers = mime_parse_hdr(p7in))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + /* Get content type */ + + if(!(hdr = mime_hdr_find(headers, "content-type")) || + !hdr->value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); + return NULL; + } + + if(strcmp(hdr->value, "application/x-pkcs7-signature") && + strcmp(hdr->value, "application/pkcs7-signature")) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + sk_pop_free(headers, mime_hdr_free); + /* Read in PKCS#7 */ + if(!(p7 = B64_read_PKCS7(p7in))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + if(bcont) { + *bcont = (BIO *)sk_value(parts, 0); + BIO_free(p7in); + sk_free(parts); + } else sk_pop_free(parts, (stkfree)BIO_free); + return p7; + } + + /* OK, if not multipart/signed try opaque signature */ + + if (strcmp (hdr->value, "application/x-pkcs7-mime") && + strcmp (hdr->value, "application/pkcs7-mime")) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(headers, mime_hdr_free); + return NULL; + } + + sk_pop_free(headers, mime_hdr_free); + + if(!(p7 = B64_read_PKCS7(bio))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); + return NULL; + } + return p7; + +} + +/* Copy text from one BIO to another making the output CRLF at EOL */ +int SMIME_crlf_copy(BIO *in, BIO *out, int flags) +{ + char eol; + int len; + char linebuf[MAX_SMLEN]; + if(flags & PKCS7_BINARY) { + while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) + BIO_write(out, linebuf, len); + return 1; + } + if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { + eol = 0; + while(iscrlf(linebuf[len - 1])) { + len--; + eol = 1; + } + BIO_write(out, linebuf, len); + if(eol) BIO_write(out, "\r\n", 2); + } + return 1; +} + +/* Strip off headers if they are text/plain */ +int SMIME_text(BIO *in, BIO *out) +{ + char iobuf[4096]; + int len; + STACK *headers; + MIME_HEADER *hdr; + if (!(headers = mime_parse_hdr(in))) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); + return 0; + } + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); + sk_pop_free(headers, mime_hdr_free); + return 0; + } + if (strcmp (hdr->value, "text/plain")) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(headers, mime_hdr_free); + return 0; + } + sk_pop_free(headers, mime_hdr_free); + while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) + BIO_write(out, iobuf, len); + return 1; +} + +/* Split a multipart/XXX message body into component parts: result is + * canonical parts in a STACK of bios + */ + +static int multi_split(BIO *bio, char *bound, STACK **ret) +{ + char linebuf[MAX_SMLEN]; + int len, blen; + BIO *bpart = NULL; + STACK *parts; + char state, part, first; + blen = strlen(bound); + part = 0; + state = 0; + first = 1; + parts = sk_new(NULL); + *ret = parts; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + state = mime_bound_check(linebuf, len, bound, blen); + if(state == 1) { + first = 1; + part++; + } else if(state == 2) { + sk_push(parts, (char *)bpart); + return 1; + } else if(part) { + if(first) { + first = 0; + if(bpart) sk_push(parts, (char *)bpart); + bpart = BIO_new(BIO_s_mem()); + + } else BIO_write(bpart, "\r\n", 2); + /* Strip CR+LF from linebuf */ + while(iscrlf(linebuf[len - 1])) len--; + BIO_write(bpart, linebuf, len); + } + } + return 0; +} + +static int iscrlf(char c) +{ + if(c == '\r' || c == '\n') return 1; + return 0; +} + +/* This is the big one: parse MIME header lines up to message body */ + +#define MIME_INVALID 0 +#define MIME_START 1 +#define MIME_TYPE 2 +#define MIME_NAME 3 +#define MIME_VALUE 4 +#define MIME_QUOTE 5 +#define MIME_COMMENT 6 + + +static STACK *mime_parse_hdr(BIO *bio) +{ + char *p, *q, c; + char *ntmp; + char linebuf[MAX_SMLEN]; + MIME_HEADER *mhdr = NULL; + STACK *headers; + int len, state, save_state = 0; + headers = sk_new(mime_hdr_cmp); + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ + if(mhdr && isspace(linebuf[0])) state = MIME_NAME; + else state = MIME_START; + ntmp = NULL; + /* Go through all characters */ + for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { + + /* State machine to handle MIME headers + * if this looks horrible that's because it *is* + */ + + switch(state) { + case MIME_START: + if(c == ':') { + state = MIME_TYPE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break; + + case MIME_TYPE: + if(c == ';') { + mime_debug("Found End Value\n"); + *p = 0; + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_push(headers, (char *)mhdr); + ntmp = NULL; + q = p + 1; + state = MIME_NAME; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_COMMENT: + if(c == ')') { + state = save_state; + } + break; + + case MIME_NAME: + if(c == '=') { + state = MIME_VALUE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break ; + + case MIME_VALUE: + if(c == ';') { + state = MIME_NAME; + *p = 0; + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + ntmp = NULL; + q = p + 1; + } else if (c == '"') { + mime_debug("Found Quote\n"); + state = MIME_QUOTE; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_QUOTE: + if(c == '"') { + mime_debug("Found Match Quote\n"); + state = MIME_VALUE; + } + break; + } + } + + if(state == MIME_TYPE) { + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_push(headers, (char *)mhdr); + } else if(state == MIME_VALUE) + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + if(p == linebuf) break; /* Blank line means end of headers */ +} + +return headers; + +} + +static char *strip_ends(char *name) +{ + return strip_end(strip_start(name)); +} + +/* Strip a parameter of whitespace from start of param */ +static char *strip_start(char *name) +{ + char *p, c; + /* Look for first non white space or quote */ + for(p = name; (c = *p) ;p++) { + if(c == '"') { + /* Next char is start of string if non null */ + if(p[1]) return p + 1; + /* Else null string */ + return NULL; + } + if(!isspace(c)) return p; + } + return NULL; +} + +/* As above but strip from end of string : maybe should handle brackets? */ +static char *strip_end(char *name) +{ + char *p, c; + if(!name) return NULL; + /* Look for first non white space or quote */ + for(p = name + strlen(name) - 1; p >= name ;p--) { + c = *p; + if(c == '"') { + if(p - 1 == name) return NULL; + *p = 0; + return name; + } + if(isspace(c)) *p = 0; + else return name; + } + return NULL; +} + +static MIME_HEADER *mime_hdr_new(char *name, char *value) +{ + MIME_HEADER *mhdr; + char *tmpname, *tmpval, *p; + int c; + if(name) { + if(!(tmpname = BUF_strdup(name))) return NULL; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + if(!(tmpval = BUF_strdup(value))) return NULL; + for(p = tmpval ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpval = NULL; + mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER)); + if(!mhdr) return NULL; + mhdr->name = tmpname; + mhdr->value = tmpval; + if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL; + return mhdr; +} + +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) +{ + char *tmpname, *tmpval, *p; + int c; + MIME_PARAM *mparam; + if(name) { + tmpname = BUF_strdup(name); + if(!tmpname) return 0; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + tmpval = BUF_strdup(value); + if(!tmpval) return 0; + } else tmpval = NULL; + /* Paramter values are case sensitive so leave as is */ + mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM)); + if(!mparam) return 0; + mparam->param_name = tmpname; + mparam->param_value = tmpval; + sk_push(mhdr->params, (char *)mparam); + return 1; +} + +static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b) +{ + return(strcmp((*a)->name, (*b)->name)); +} + +static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b) +{ + return(strcmp((*a)->param_name, (*b)->param_name)); +} + +/* Find a header with a given name (if possible) */ + +static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name) +{ + MIME_HEADER htmp; + int idx; + htmp.name = name; + idx = sk_find(hdrs, (char *)&htmp); + if(idx < 0) return NULL; + return (MIME_HEADER *)sk_value(hdrs, idx); +} + +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) +{ + MIME_PARAM param; + int idx; + param.param_name = name; + idx = sk_find(hdr->params, (char *)¶m); + if(idx < 0) return NULL; + return (MIME_PARAM *)sk_value(hdr->params, idx); +} + +static void mime_hdr_free(MIME_HEADER *hdr) +{ + if(hdr->name) Free(hdr->name); + if(hdr->value) Free(hdr->value); + if(hdr->params) sk_pop_free(hdr->params, mime_param_free); + Free((char *)hdr); +} + +static void mime_param_free(MIME_PARAM *param) +{ + if(param->param_name) Free(param->param_name); + if(param->param_value) Free(param->param_value); + Free((char *)param); +} + +/* Check for a multipart boundary. Returns: + * 0 : no boundary + * 1 : part boundary + * 2 : final boundary + */ +static int mime_bound_check(char *line, int linelen, char *bound, int blen) +{ + if(linelen == -1) linelen = strlen(line); + if(blen == -1) blen = strlen(bound); + /* Quickly eliminate if line length too short */ + if(blen + 2 > linelen) return 0; + /* Check for part boundary */ + if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { + if(!strncmp(line + blen + 2, "--", 2)) return 2; + else return 1; + } + return 0; +} diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c new file mode 100644 index 0000000000..58bf2d7d28 --- /dev/null +++ b/crypto/pkcs7/pk7_smime.c @@ -0,0 +1,392 @@ +/* pk7_smime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Simple PKCS#7 processing functions */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/x509.h> +#include <openssl/x509v3.h> + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags) +{ + PKCS7 *p7; + PKCS7_SIGNER_INFO *si; + BIO *p7bio; + STACK *smcap; + int i; + + if(!X509_check_private_key(signcert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + + if(!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + PKCS7_set_type(p7, NID_pkcs7_signed); + + PKCS7_content_new(p7, NID_pkcs7_data); + + if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + return NULL; + } + + if(!(flags & PKCS7_NOCERTS)) { + PKCS7_add_certificate(p7, signcert); + if(certs) for(i = 0; i < sk_X509_num(certs); i++) + PKCS7_add_certificate(p7, sk_X509_value(certs, i)); + } + + if(!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + + SMIME_crlf_copy(data, p7bio, flags); + + if(!(flags & PKCS7_NOATTR)) { + PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); + /* Add SMIMECapabilities */ + if(!(smcap = sk_new(NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } +#ifndef NO_DES + PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); + PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); +#endif +#ifndef NO_RC2 + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); +#endif + PKCS7_add_attrib_smimecap (si, smcap); + sk_pop_free(smcap, X509_ALGOR_free); + } + + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); + + if (!PKCS7_dataFinal(p7,p7bio)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + return NULL; + } + + BIO_free_all(p7bio); + return p7; +} + +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags) +{ + STACK_OF(X509) *signers; + X509 *signer; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + PKCS7_ISSUER_AND_SERIAL *ias; + X509_STORE_CTX cert_ctx; + char buf[4096]; + int i, j=0; + BIO *p7bio; + BIO *tmpout; + + if(OBJ_obj2nid(p7->type) != NID_pkcs7_signed) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + /* Check for no data and no content: no data to verify signature */ + if(PKCS7_get_detached(p7) && !indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); + return 0; + } + + /* Check for data and content: two sets of data */ + if(!PKCS7_get_detached(p7) && indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); + return 0; + } + + sinfos = PKCS7_get_signer_info(p7); + + if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); + return 0; + } + + + if(!(signers = sk_X509_new(NULL))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Collect all the signers together */ + + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) + { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + ias = si->issuer_and_serial; + signer = NULL; + /* If any certificates passed they take priority */ + if (certs) signer = X509_find_by_issuer_and_serial (certs, + ias->issuer, ias->serial); + if (!signer && !(flags & PKCS7_NOINTERN) + && p7->d.sign->cert) signer = + X509_find_by_issuer_and_serial (p7->d.sign->cert, + ias->issuer, ias->serial); + if (!signer) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + sk_X509_free(signers); + return 0; + } + + sk_X509_push(signers, signer); + } + + + /* Now verify the certificates */ + + if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) { + signer = sk_X509_value (signers, i); + if (!(flags & PKCS7_NOCHAIN)) { + X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert); + X509_STORE_CTX_set_purpose(&cert_ctx, + X509_PURPOSE_SMIME_SIGN); + } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); + X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", < |