summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/pkcs12/pk12err.c2
-rw-r--r--crypto/pkcs7/Makefile.ssl4
-rw-r--r--crypto/pkcs7/pk7_attr.c85
-rw-r--r--crypto/pkcs7/pk7_doit.c2
-rw-r--r--crypto/pkcs7/pk7_mime.c673
-rw-r--r--crypto/pkcs7/pk7_smime.c392
-rw-r--r--crypto/pkcs7/pkcs7.h75
-rw-r--r--crypto/pkcs7/pkcs7err.c35
8 files changed, 1265 insertions, 3 deletions
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index 00140a4779..9d8de10e1e 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -79,7 +79,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
-{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_NEWPASS"},
+{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl
index ea60491529..b57c68fd36 100644
--- a/crypto/pkcs7/Makefile.ssl
+++ b/crypto/pkcs7/Makefile.ssl
@@ -25,8 +25,8 @@ TEST=
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c
-LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o
+LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c
+LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o
SRC= $(LIBSRC)
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
new file mode 100644
index 0000000000..3b9c0fe3f2
--- /dev/null
+++ b/crypto/pkcs7/pk7_attr.c
@@ -0,0 +1,85 @@
+/* pk7_attr.c */
+/* S/MIME code.
+ * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com)
+ * All Rights Reserved.
+ * Redistribution of this code without the authors permission is expressly
+ * prohibited.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
+{
+ ASN1_STRING *seq;
+ unsigned char *p, *pp;
+ int len;
+ len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(pp=(unsigned char *)Malloc(len))) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p=pp;
+ i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(seq = ASN1_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_STRING_set (seq, pp, len)) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ Free (pp);
+ return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+ V_ASN1_SEQUENCE, seq);
+}
+
+STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *cap;
+ unsigned char *p;
+ cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+ if (!cap) return NULL;
+ p = cap->value.sequence->data;
+ return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length,
+ (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL);
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
+{
+ X509_ALGOR *alg;
+ if(!(alg = X509_ALGOR_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = OBJ_nid2obj (nid);
+ if (arg > 0) {
+ ASN1_INTEGER *nbit;
+ if(!(alg->parameter = ASN1_TYPE_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(nbit = ASN1_INTEGER_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_INTEGER_set (nbit, arg)) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ alg->parameter->value.integer = nbit;
+ alg->parameter->type = V_ASN1_INTEGER;
+ }
+ sk_push (sk, (char *)alg);
+ return 1;
+}
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 7feb01230e..acc9cc4a47 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -61,6 +61,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
void *value);
@@ -680,6 +681,7 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
/* Lets verify */
X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+ X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
i=X509_verify_cert(ctx);
if (i <= 0)
{
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
new file mode 100644
index 0000000000..f346259b92
--- /dev/null
+++ b/crypto/pkcs7/pk7_mime.c
@@ -0,0 +1,673 @@
+/* pk7_mime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+/* MIME and related routines */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *name; /* Name of line e.g. "content-type" */
+char *value; /* Value of line e.g. "text/plain" */
+STACK /* MIME_PARAM */ *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+typedef struct {
+char *param_name; /* Param name e.g. "micalg" */
+char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
+static PKCS7 *B64_read_PKCS7(BIO *bio);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK **ret);
+static int iscrlf(char c);
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+
+typedef void (*stkfree)();
+
+/* Base 64 read and write of PKCS#7 structure */
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
+{
+ BIO *b64;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ i2d_PKCS7_bio(bio, p7);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return 1;
+}
+
+static PKCS7 *B64_read_PKCS7(BIO *bio)
+{
+ BIO *b64;
+ PKCS7 *p7;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return p7;
+}
+
+/* SMIME sender */
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+ char linebuf[MAX_SMLEN];
+ char bound[33], c;
+ int i;
+ if((flags & PKCS7_DETACHED) && data) {
+ /* We want multipart/signed */
+ /* Generate a random boundary */
+ RAND_bytes((unsigned char *)bound, 32);
+ for(i = 0; i < 32; i++) {
+ c = bound[i] & 0xf;
+ if(c < 10) c += '0';
+ else c += 'A' - 10;
+ bound[i] = c;
+ }
+ bound[32] = 0;
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Type: multipart/signed ; ");
+ BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
+ BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
+ BIO_printf(bio, "This is an S/MIME signed message\n\n");
+ /* Now write out the first part */
+ BIO_printf(bio, "------%s\r\n", bound);
+ if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
+ while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(bio, linebuf, i);
+ BIO_printf(bio, "\n------%s\n", bound);
+
+ /* Headers for signature */
+
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio,"\n------%s--\n\n", bound);
+ return 1;
+ }
+ /* MIME headers */
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio, "\n");
+ return 1;
+}
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+ BIO *p7in;
+ STACK *headers = NULL;
+ STACK *parts = NULL;
+ MIME_HEADER *hdr;
+ MIME_PARAM *prm;
+ PKCS7 *p7;
+ int ret;
+
+ if(bcont) *bcont = NULL;
+
+ if (!(headers = mime_parse_hdr(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
+ return NULL;
+ }
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Handle multipart/signed */
+
+ if(!strcmp(hdr->value, "multipart/signed")) {
+ /* Split into two parts */
+ prm = mime_param_find(hdr, "boundary");
+ if(!prm || !prm->param_value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
+ return NULL;
+ }
+ ret = multi_split(bio, prm->param_value, &parts);
+ sk_pop_free(headers, mime_hdr_free);
+ if(!ret || (sk_num(parts) != 2) ) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Parse the signature piece */
+ p7in = (BIO *)sk_value(parts, 1);
+
+ if (!(headers = mime_parse_hdr(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Get content type */
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+ !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ /* Read in PKCS#7 */
+ if(!(p7 = B64_read_PKCS7(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ if(bcont) {
+ *bcont = (BIO *)sk_value(parts, 0);
+ BIO_free(p7in);
+ sk_free(parts);
+ } else sk_pop_free(parts, (stkfree)BIO_free);
+ return p7;
+ }
+
+ /* OK, if not multipart/signed try opaque signature */
+
+ if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+ strcmp (hdr->value, "application/pkcs7-mime")) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return NULL;
+ }
+
+ sk_pop_free(headers, mime_hdr_free);
+
+ if(!(p7 = B64_read_PKCS7(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
+ return NULL;
+ }
+ return p7;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+ char eol;
+ int len;
+ char linebuf[MAX_SMLEN];
+ if(flags & PKCS7_BINARY) {
+ while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(out, linebuf, len);
+ return 1;
+ }
+ if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+ eol = 0;
+ while(iscrlf(linebuf[len - 1])) {
+ len--;
+ eol = 1;
+ }
+ BIO_write(out, linebuf, len);
+ if(eol) BIO_write(out, "\r\n", 2);
+ }
+ return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+ char iobuf[4096];
+ int len;
+ STACK *headers;
+ MIME_HEADER *hdr;
+ if (!(headers = mime_parse_hdr(in))) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+ return 0;
+ }
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ if (strcmp (hdr->value, "text/plain")) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+ BIO_write(out, iobuf, len);
+ return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK **ret)
+{
+ char linebuf[MAX_SMLEN];
+ int len, blen;
+ BIO *bpart = NULL;
+ STACK *parts;
+ char state, part, first;
+ blen = strlen(bound);
+ part = 0;
+ state = 0;
+ first = 1;
+ parts = sk_new(NULL);
+ *ret = parts;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ state = mime_bound_check(linebuf, len, bound, blen);
+ if(state == 1) {
+ first = 1;
+ part++;
+ } else if(state == 2) {
+ sk_push(parts, (char *)bpart);
+ return 1;
+ } else if(part) {
+ if(first) {
+ first = 0;
+ if(bpart) sk_push(parts, (char *)bpart);
+ bpart = BIO_new(BIO_s_mem());
+
+ } else BIO_write(bpart, "\r\n", 2);
+ /* Strip CR+LF from linebuf */
+ while(iscrlf(linebuf[len - 1])) len--;
+ BIO_write(bpart, linebuf, len);
+ }
+ }
+ return 0;
+}
+
+static int iscrlf(char c)
+{
+ if(c == '\r' || c == '\n') return 1;
+ return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID 0
+#define MIME_START 1
+#define MIME_TYPE 2
+#define MIME_NAME 3
+#define MIME_VALUE 4
+#define MIME_QUOTE 5
+#define MIME_COMMENT 6
+
+
+static STACK *mime_parse_hdr(BIO *bio)
+{
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+ MIME_HEADER *mhdr = NULL;
+ STACK *headers;
+ int len, state, save_state = 0;
+ headers = sk_new(mime_hdr_cmp);
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if(mhdr && isspace(linebuf[0])) state = MIME_NAME;
+ else state = MIME_START;
+ ntmp = NULL;
+ /* Go through all characters */
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+ /* State machine to handle MIME headers
+ * if this looks horrible that's because it *is*
+ */
+
+ switch(state) {
+ case MIME_START:
+ if(c == ':') {
+ state = MIME_TYPE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_TYPE:
+ if(c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_COMMENT:
+ if(c == ')') {
+ state = save_state;
+ }
+ break;
+
+ case MIME_NAME:
+ if(c == '=') {
+ state = MIME_VALUE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break ;
+
+ case MIME_VALUE:
+ if(c == ';') {
+ state = MIME_NAME;
+ *p = 0;
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ ntmp = NULL;
+ q = p + 1;
+ } else if (c == '"') {
+ mime_debug("Found Quote\n");
+ state = MIME_QUOTE;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_QUOTE:
+ if(c == '"') {
+ mime_debug("Found Match Quote\n");
+ state = MIME_VALUE;
+ }
+ break;
+ }
+ }
+
+ if(state == MIME_TYPE) {
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ } else if(state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+ return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+ char *p, c;
+ /* Look for first non white space or quote */
+ for(p = name; (c = *p) ;p++) {
+ if(c == '"') {
+ /* Next char is start of string if non null */
+ if(p[1]) return p + 1;
+ /* Else null string */
+ return NULL;
+ }
+ if(!isspace(c)) return p;
+ }
+ return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+ char *p, c;
+ if(!name) return NULL;
+ /* Look for first non white space or quote */
+ for(p = name + strlen(name) - 1; p >= name ;p--) {
+ c = *p;
+ if(c == '"') {
+ if(p - 1 == name) return NULL;
+ *p = 0;
+ return name;
+ }
+ if(isspace(c)) *p = 0;
+ else return name;
+ }
+ return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+ MIME_HEADER *mhdr;
+ char *tmpname, *tmpval, *p;
+ int c;
+ if(name) {
+ if(!(tmpname = BUF_strdup(name))) return NULL;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ if(!(tmpval = BUF_strdup(value))) return NULL;
+ for(p = tmpval ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpval = NULL;
+ mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
+ if(!mhdr) return NULL;
+ mhdr->name = tmpname;
+ mhdr->value = tmpval;
+ if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
+ return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+ char *tmpname, *tmpval, *p;
+ int c;
+ MIME_PARAM *mparam;
+ if(name) {
+ tmpname = BUF_strdup(name);
+ if(!tmpname) return 0;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ tmpval = BUF_strdup(value);
+ if(!tmpval) return 0;
+ } else tmpval = NULL;
+ /* Paramter values are case sensitive so leave as is */
+ mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
+ if(!mparam) return 0;
+ mparam->param_name = tmpname;
+ mparam->param_value = tmpval;
+ sk_push(mhdr->params, (char *)mparam);
+ return 1;
+}
+
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+{
+ return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+{
+ return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
+{
+ MIME_HEADER htmp;
+ int idx;
+ htmp.name = name;
+ idx = sk_find(hdrs, (char *)&htmp);
+ if(idx < 0) return NULL;
+ return (MIME_HEADER *)sk_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+ MIME_PARAM param;
+ int idx;
+ param.param_name = name;
+ idx = sk_find(hdr->params, (char *)&param);
+ if(idx < 0) return NULL;
+ return (MIME_PARAM *)sk_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+ if(hdr->name) Free(hdr->name);
+ if(hdr->value) Free(hdr->value);
+ if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
+ Free((char *)hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+ if(param->param_name) Free(param->param_name);
+ if(param->param_value) Free(param->param_value);
+ Free((char *)param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+ if(linelen == -1) linelen = strlen(line);
+ if(blen == -1) blen = strlen(bound);
+ /* Quickly eliminate if line length too short */
+ if(blen + 2 > linelen) return 0;
+ /* Check for part boundary */
+ if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+ if(!strncmp(line + blen + 2, "--", 2)) return 2;
+ else return 1;
+ }
+ return 0;
+}
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
new file mode 100644
index 0000000000..58bf2d7d28
--- /dev/null
+++ b/crypto/pkcs7/pk7_smime.c
@@ -0,0 +1,392 @@
+/* pk7_smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags)
+{
+ PKCS7 *p7;
+ PKCS7_SIGNER_INFO *si;
+ BIO *p7bio;
+ STACK *smcap;
+ int i;
+
+ if(!X509_check_private_key(signcert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return NULL;
+ }
+
+ if(!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_signed);
+
+ PKCS7_content_new(p7, NID_pkcs7_data);
+
+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ return NULL;
+ }
+
+ if(!(flags & PKCS7_NOCERTS)) {
+ PKCS7_add_certificate(p7, signcert);
+ if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+ PKCS7_add_certificate(p7, sk_X509_value(certs, i));
+ }
+
+ if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+
+ SMIME_crlf_copy(data, p7bio, flags);
+
+ if(!(flags & PKCS7_NOATTR)) {
+ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+ /* Add SMIMECapabilities */
+ if(!(smcap = sk_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+#ifndef NO_DES
+ PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
+ PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
+#endif
+#ifndef NO_RC2
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
+#endif
+ PKCS7_add_attrib_smimecap (si, smcap);
+ sk_pop_free(smcap, X509_ALGOR_free);
+ }
+
+ if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+
+ if (!PKCS7_dataFinal(p7,p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+ return NULL;
+ }
+
+ BIO_free_all(p7bio);
+ return p7;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags)
+{
+ STACK_OF(X509) *signers;
+ X509 *signer;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ PKCS7_ISSUER_AND_SERIAL *ias;
+ X509_STORE_CTX cert_ctx;
+ char buf[4096];
+ int i, j=0;
+ BIO *p7bio;
+ BIO *tmpout;
+
+ if(OBJ_obj2nid(p7->type) != NID_pkcs7_signed) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ /* Check for no data and no content: no data to verify signature */
+ if(PKCS7_get_detached(p7) && !indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
+ /* Check for data and content: two sets of data */
+ if(!PKCS7_get_detached(p7) && indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+ return 0;
+ }
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+ return 0;
+ }
+
+
+ if(!(signers = sk_X509_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* Collect all the signers together */
+
+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+ {
+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+ ias = si->issuer_and_serial;
+ signer = NULL;
+ /* If any certificates passed they take priority */
+ if (certs) signer = X509_find_by_issuer_and_serial (certs,
+ ias->issuer, ias->serial);
+ if (!signer && !(flags & PKCS7_NOINTERN)
+ && p7->d.sign->cert) signer =
+ X509_find_by_issuer_and_serial (p7->d.sign->cert,
+ ias->issuer, ias->serial);
+ if (!signer) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ sk_X509_free(signers);
+ return 0;
+ }
+
+ sk_X509_push(signers, signer);
+ }
+
+
+ /* Now verify the certificates */
+
+ if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
+ signer = sk_X509_value (signers, i);
+ if (!(flags & PKCS7_NOCHAIN)) {
+ X509_STORE_CTX_init(&cert_ctx, store, signer,
+ p7->d.sign->cert);
+ X509_STORE_CTX_set_purpose(&cert_ctx,
+ X509_PURPOSE_SMIME_SIGN);
+ } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+ i = X509_verify_cert(&cert_ctx);
+ if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
+ X509_STORE_CTX_cleanup(&cert_ctx);
+ if (i <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
<