Merge in my S/MIME library and utility.
authorDr. Stephen Henson <steve@openssl.org>
Sun, 5 Dec 1999 00:40:59 +0000 (00:40 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 5 Dec 1999 00:40:59 +0000 (00:40 +0000)
13 files changed:
CHANGES
STATUS
apps/Makefile.ssl
apps/progs.h
apps/smime.c [new file with mode: 0644]
crypto/pkcs12/pk12err.c
crypto/pkcs7/Makefile.ssl
crypto/pkcs7/pk7_attr.c [new file with mode: 0644]
crypto/pkcs7/pk7_doit.c
crypto/pkcs7/pk7_mime.c [new file with mode: 0644]
crypto/pkcs7/pk7_smime.c [new file with mode: 0644]
crypto/pkcs7/pkcs7.h
crypto/pkcs7/pkcs7err.c

diff --git a/CHANGES b/CHANGES
index 247d65a001df52ee1554eb593e8f720f3c740084..5e1883f375082aca275c52d63c50119e9fb9a3ac 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Merge in my S/MIME library for OpenSSL. This provides a simple
+     S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+     functionality to handle multipart/signed properly) and a utility
+     called 'smime' to call all this stuff. This is based on code I
+     originally wrote for Celo who have kindly allowed it to be
+     included in OpenSSL.
+     [Steve Henson]
+
   *) Add variants des_set_key_checked and des_set_key_unchecked of
      des_set_key (aka des_key_sched).  Global variable des_check_key
      decides which of these is called by des_set_key; this way
diff --git a/STATUS b/STATUS
index 786d689aa7d90ab1a757a2e7a276b170ff54c223..7aa79674dd8dc66963cf9491f1b352be6884b06b 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
 
   OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/11/11 13:58:22 $
+  ______________                           $Date: 1999/12/05 00:40:53 $
 
   DEVELOPMENT STATE
 
@@ -18,7 +18,6 @@
     o shared libraries <behnke@trustcenter.de>
     o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
     o SMIME tool (demo), Sampo Kellomaki <sampo@iki.fi>
-    o OCSP patch, Massimiliano Pala (madwolf@openca.org)
     o CA.pl patch (Damien Miller)
     o FreeBSD 3.0 changes (Richard Levitte)
 
@@ -27,7 +26,7 @@
     o Steve is currently working on (in no particular order):
         Proper (or at least usable) certificate chain verification.
        Private key, certificate and CRL API and implementation.
-       Checking and bugfixing PKCS#7 (S/MIME code).
+       Developing and bugfixing PKCS#7 (S/MIME code).
         Various X509 issues: character sets, certificate request extensions.
        Documentation for the openssl utility.
 
index 439f50dcb5c3ed35a78a0bc6b1163a9957ef528e..372358511a0a8eb45eb4d78ef16976494046bef9 100644 (file)
@@ -38,7 +38,7 @@ E_EXE=        verify asn1pars req dgst dh enc gendh errstr ca crl \
        rsa dsa dsaparam \
        x509 genrsa gendsa s_server s_client speed \
        s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
-       pkcs8 spkac
+       pkcs8 spkac smime
 
 PROGS= $(PROGRAM).c
 
@@ -54,7 +54,7 @@ E_OBJ=        verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \
        rsa.o dsa.o dsaparam.o \
        x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
        s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
-       ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o
+       ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o
 
 #      pem_mail.o
 
@@ -63,7 +63,7 @@ E_SRC=        verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \
        rsa.c dsa.c dsaparam.c \
        x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
        s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
-       ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c
+       ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c
 
 #      pem_mail.c
 
index bd9e806bb79851f618b7fbca711be638979a6d96..e60df2a82161c474eb0dfd74a9964c861f69dafa 100644 (file)
@@ -29,6 +29,7 @@ extern int nseq_main(int argc,char *argv[]);
 extern int pkcs12_main(int argc,char *argv[]);
 extern int pkcs8_main(int argc,char *argv[]);
 extern int spkac_main(int argc,char *argv[]);
+extern int smime_main(int argc,char *argv[]);
 
 #ifdef SSLEAY_SRC  /* Defined only in openssl.c. */
 
@@ -96,6 +97,7 @@ FUNCTION functions[] = {
 #endif
        {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
        {FUNC_TYPE_GENERAL,"spkac",spkac_main},
+       {FUNC_TYPE_GENERAL,"smime",smime_main},
        {FUNC_TYPE_MD,"md2",dgst_main},
        {FUNC_TYPE_MD,"md5",dgst_main},
        {FUNC_TYPE_MD,"sha",dgst_main},
diff --git a/apps/smime.c b/apps/smime.c
new file mode 100644 (file)
index 0000000..75087ea
--- /dev/null
@@ -0,0 +1,446 @@
+/* smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "apps.h"
+
+#undef PROG
+#define PROG smime_main
+static X509 *load_cert(char *file);
+static EVP_PKEY *load_key(char *file);
+static STACK_OF(X509) *load_certs(char *file);
+static X509_STORE *setup_verify(char *CAfile, char *CApath);
+
+#define SMIME_OP       0x10
+#define SMIME_ENCRYPT  (1 | SMIME_OP)
+#define SMIME_DECRYPT  2
+#define SMIME_SIGN     (3 | SMIME_OP)
+#define SMIME_VERIFY   4
+#define SMIME_PK7OUT   5
+
+int MAIN(int argc, char **argv)
+{
+       int operation = 0;
+       int ret = 0;
+       char **args;
+       char *inmode = "r", *outmode = "w";
+       char *infile = NULL, *outfile = NULL;
+       char *signerfile = NULL, *recipfile = NULL;
+       char *certfile = NULL, *keyfile = NULL;
+       EVP_CIPHER *cipher = NULL;
+       PKCS7 *p7 = NULL;
+       X509_STORE *store = NULL;
+       X509 *cert = NULL, *recip = NULL, *signer = NULL;
+       EVP_PKEY *key = NULL;
+       STACK_OF(X509) *encerts = NULL, *other = NULL;
+       BIO *in = NULL, *out = NULL, *indata = NULL;
+       int badarg = 0;
+       int flags = PKCS7_DETACHED;
+       char *to = NULL, *from = NULL, *subject = NULL;
+       char *CAfile = NULL, *CApath = NULL;
+
+       args = argv + 1;
+
+       ret = 1;
+
+       while (!badarg && *args && *args[0] == '-') {
+               if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
+               else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
+               else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
+               else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
+               else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
+               else if (!strcmp (*args, "-des3")) 
+                               cipher = EVP_des_ede3_cbc();
+               else if (!strcmp (*args, "-des")) 
+                               cipher = EVP_des_cbc();
+               else if (!strcmp (*args, "-rc2-40")) 
+                               cipher = EVP_rc2_40_cbc();
+               else if (!strcmp (*args, "-rc2-128")) 
+                               cipher = EVP_rc2_cbc();
+               else if (!strcmp (*args, "-rc2-64")) 
+                               cipher = EVP_rc2_64_cbc();
+               else if (!strcmp (*args, "-text")) 
+                               flags |= PKCS7_TEXT;
+               else if (!strcmp (*args, "-nointern")) 
+                               flags |= PKCS7_NOINTERN;
+               else if (!strcmp (*args, "-noverify")) 
+                               flags |= PKCS7_NOVERIFY;
+               else if (!strcmp (*args, "-nochain")) 
+                               flags |= PKCS7_NOCHAIN;
+               else if (!strcmp (*args, "-nocerts")) 
+                               flags |= PKCS7_NOCERTS;
+               else if (!strcmp (*args, "-noattr")) 
+                               flags |= PKCS7_NOATTR;
+               else if (!strcmp (*args, "-nodetach")) 
+                               flags &= ~PKCS7_DETACHED;
+               else if (!strcmp (*args, "-binary"))
+                               flags |= PKCS7_BINARY;
+               else if (!strcmp (*args, "-to")) {
+                       if (args[1]) {
+                               args++;
+                               to = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-from")) {
+                       if (args[1]) {
+                               args++;
+                               from = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-subject")) {
+                       if (args[1]) {
+                               args++;
+                               subject = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-signer")) {
+                       if (args[1]) {
+                               args++;
+                               signerfile = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-recip")) {
+                       if (args[1]) {
+                               args++;
+                               recipfile = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-inkey")) {
+                       if (args[1]) {
+                               args++;
+                               keyfile = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-certfile")) {
+                       if (args[1]) {
+                               args++;
+                               certfile = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-CAfile")) {
+                       if (args[1]) {
+                               args++;
+                               CAfile = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-CApath")) {
+                       if (args[1]) {
+                               args++;
+                               CApath = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-in")) {
+                       if (args[1]) {
+                               args++;
+                               infile = *args;
+                       } else badarg = 1;
+               } else if (!strcmp (*args, "-out")) {
+                       if (args[1]) {
+                               args++;
+                               outfile = *args;
+                       } else badarg = 1;
+               } else badarg = 1;
+               args++;
+       }
+
+       if(operation == SMIME_SIGN) {
+               if(!signerfile) {
+                       BIO_printf(bio_err, "No signer certificate specified\n");
+                       badarg = 1;
+               }
+       } else if(operation == SMIME_DECRYPT) {
+               if(!recipfile) {
+                       BIO_printf(bio_err, "No recipient certificate and key specified\n");
+                       badarg = 1;
+               }
+       } else if(operation == SMIME_ENCRYPT) {
+               if(!*args) {
+                       BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+                       badarg = 1;
+               }
+       } else if(!operation) badarg = 1;
+
+       if (badarg) {
+               BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
+               BIO_printf (bio_err, "where options are\n");
+               BIO_printf (bio_err, "-encrypt       encrypt message\n");
+               BIO_printf (bio_err, "-decrypt       decrypt encrypted message\n");
+               BIO_printf (bio_err, "-sign          sign message\n");
+               BIO_printf (bio_err, "-verify        verify signed message\n");
+               BIO_printf (bio_err, "-pk7out        output PKCS#7 structure\n");
+               BIO_printf (bio_err, "-des3          encrypt with triple DES\n");
+               BIO_printf (bio_err, "-rc2-40        encrypt with RC2-40\n");
+               BIO_printf (bio_err, "-rc2-64        encrypt with RC2-64\n");
+               BIO_printf (bio_err, "-rc2-128       encrypt with RC2-128\n");
+               BIO_printf (bio_err, "-in file       input file\n");
+               BIO_printf (bio_err, "-certfile file other certificates file\n");
+               BIO_printf (bio_err, "-signer file   signer certificate file\n");
+               BIO_printf (bio_err, "-recip  file   recipient certificate file\n");
+               BIO_printf (bio_err, "-in file       input file\n");
+               BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+               BIO_printf (bio_err, "-out file      output file\n");
+               BIO_printf (bio_err, "-to addr       to address\n");
+               BIO_printf (bio_err, "-from ad       from address\n");
+               BIO_printf (bio_err, "-subject s     subject\n");
+               BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+               BIO_printf (bio_err, "cert.pem       recipient certificate(s)\n");
+               goto end;
+       }
+
+       ret = 2;
+
+       if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
+
+       if(flags & PKCS7_BINARY) {
+               if(operation & SMIME_OP) inmode = "rb";
+               else outmode = "rb";
+       }
+
+       if(operation == SMIME_ENCRYPT) {
+               if (!cipher) cipher = EVP_rc2_40_cbc();
+               while (*args) {
+                       encerts = sk_X509_new_null();
+                       if(!(cert = load_cert(*args))) {
+                               BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args);
+                               goto end;
+                       }
+                       sk_X509_push (encerts, cert);
+                       cert = NULL;
+                       args++;
+               }
+       }
+
+       if(signerfile) {
+               if(!(signer = load_cert(signerfile))) {
+                       BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+                       goto end;
+               }
+       }
+
+       if(certfile) {
+               if(!(other = load_certs(certfile))) {
+                       BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+                       ERR_print_errors(bio_err);
+                       goto end;
+               }
+       }
+
+       if(recipfile) {
+               if(!(recip = load_cert(recipfile))) {
+                       BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+                       ERR_print_errors(bio_err);
+                       goto end;
+               }
+       }
+
+       if(operation == SMIME_DECRYPT) {
+               if(!keyfile) keyfile = recipfile;
+       } else if(operation == SMIME_SIGN) {
+               if(!keyfile) keyfile = signerfile;
+       } else keyfile = NULL;
+
+       if(keyfile) {
+               if(!(key = load_key(keyfile))) {
+                       BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
+                       ERR_print_errors(bio_err);
+                       goto end;
+               }
+       }
+
+       if (infile) {
+               if (!(in = BIO_new_file(infile, inmode))) {
+                       BIO_printf (bio_err,
+                                "Can't open input file %s\n", infile);
+                       goto end;
+               }
+       } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+       if (outfile) {
+               if (!(out = BIO_new_file(outfile, outmode))) {
+                       BIO_printf (bio_err,
+                                "Can't open output file %s\n", outfile);
+                       goto end;
+               }
+       } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+       if(operation == SMIME_VERIFY)
+               if(!(store = setup_verify(CAfile, CApath))) goto end;
+
+       ret = 3;
+       if(operation == SMIME_ENCRYPT) {
+               p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+       } else if(operation == SMIME_SIGN) {
+               p7 = PKCS7_sign(signer, key, other, in, flags);
+               BIO_reset(in);
+       } else {
+               if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
+                       BIO_printf(bio_err, "Error reading S/MIME message\n");
+                       ret = 4;
+                       goto end;
+               }
+       }
+                       
+       if(!p7) {
+               BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+               goto end;
+       }
+
+       if(operation == SMIME_DECRYPT) {
+               if(!PKCS7_decrypt(p7, key, recip, out, flags))
+                       BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+               else ret = 0;
+       } else if(operation == SMIME_VERIFY) {
+               if(PKCS7_verify(p7, other, store, indata, out, flags)) {
+                       BIO_printf(bio_err, "Verification Successful\n");
+                       ret = 0;
+               } else {
+                       BIO_printf(bio_err, "Verification Failure\n");
+                       ret = 5;
+               }
+       } else if(operation == SMIME_PK7OUT) {
+               PEM_write_bio_PKCS7(out, p7);
+       } else {
+               if(to) BIO_printf(out, "To: %s\n", to);
+               if(from) BIO_printf(out, "From: %s\n", from);
+               if(subject) BIO_printf(out, "Subject: %s\n", subject);
+               SMIME_write_PKCS7(out, p7, in, flags);
+       }
+end:
+       if(ret) ERR_print_errors(bio_err);
+       sk_X509_pop_free(encerts, X509_free);
+       sk_X509_pop_free(other, X509_free);
+       X509_STORE_free(store);
+       X509_free(cert);
+       X509_free(recip);
+       X509_free(signer);
+       EVP_PKEY_free(key);
+       PKCS7_free(p7);
+       BIO_free(in);
+       BIO_free(indata);
+       BIO_free(out);
+       return (ret);
+}
+
+static X509 *load_cert(char *file)
+{
+       BIO *in;
+       X509 *cert;
+       if(!(in = BIO_new_file(file, "r"))) return NULL;
+       cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
+       BIO_free(in);
+       return cert;
+}
+
+static EVP_PKEY *load_key(char *file)
+{
+       BIO *in;
+       EVP_PKEY *key;
+       if(!(in = BIO_new_file(file, "r"))) return NULL;
+       key = PEM_read_bio_PrivateKey(in, NULL, NULL,NULL);
+       BIO_free(in);
+       return key;
+}
+
+static STACK_OF(X509) *load_certs(char *file)
+{
+       BIO *in;
+       int i;
+       STACK_OF(X509) *othercerts;
+       STACK_OF(X509_INFO) *allcerts;
+       X509_INFO *xi;
+       if(!(in = BIO_new_file(file, "r"))) return NULL;
+       othercerts = sk_X509_new(NULL);
+       if(!othercerts) return NULL;
+       allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+       for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+               xi = sk_X509_INFO_value (allcerts, i);
+               if (xi->x509) {
+                       sk_X509_push(othercerts, xi->x509);
+                       xi->x509 = NULL;
+               }
+       }
+       sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+       BIO_free(in);
+       return othercerts;
+}
+
+static X509_STORE *setup_verify(char *CAfile, char *CApath)
+{
+       X509_STORE *store;
+       X509_LOOKUP *lookup;
+       if(!(store = X509_STORE_new())) goto end;
+       lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+       if (lookup == NULL) goto end;
+       if (CAfile) {
+               if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+                       BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+                       goto end;
+               }
+       } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+               
+       lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+       if (lookup == NULL) goto end;
+       if (CApath) {
+               if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+                       BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+                       goto end;
+               }
+       } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+       ERR_clear_error();
+       return store;
+       end:
+       X509_STORE_free(store);
+       return NULL;
+}
index 00140a477912f3ca6984c59896dd8edf9e6436c3..9d8de10e1e6f9fd2728551f44b85c41a57694acf 100644 (file)
@@ -79,7 +79,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]=
 {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0),    "PKCS12_key_gen_uni"},
 {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0),    "PKCS12_MAKE_KEYBAG"},
 {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0),  "PKCS12_MAKE_SHKEYBAG"},
-{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0),        "PKCS12_NEWPASS"},
+{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0),        "PKCS12_newpass"},
 {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0),    "PKCS12_pack_p7data"},
 {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
 {ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0),   "PKCS12_pack_safebag"},
index ea60491529bbf87c89053cb1c6f760deb091402f..b57c68fd36440bb15f414b45de264082b1c7b1ef 100644 (file)
@@ -25,8 +25,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=        pk7_lib.c pkcs7err.c pk7_doit.c
-LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o
+LIBSRC=        pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c
+LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o
 
 SRC= $(LIBSRC)
 
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
new file mode 100644 (file)
index 0000000..3b9c0fe
--- /dev/null
@@ -0,0 +1,85 @@
+/* pk7_attr.c */
+/* S/MIME code.
+ * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) 
+ * All Rights Reserved. 
+ * Redistribution of this code without the authors permission is expressly
+ * prohibited.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
+{
+       ASN1_STRING *seq;
+       unsigned char *p, *pp;
+       int len;
+       len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+                                               V_ASN1_UNIVERSAL, IS_SEQUENCE);
+       if(!(pp=(unsigned char *)Malloc(len))) {
+               PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       p=pp;
+       i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+                                               V_ASN1_UNIVERSAL, IS_SEQUENCE);
+       if(!(seq = ASN1_STRING_new())) {
+               PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       if(!ASN1_STRING_set (seq, pp, len)) {
+               PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       Free (pp);
+        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+                                                       V_ASN1_SEQUENCE, seq);
+}
+
+STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+       ASN1_TYPE *cap;
+       unsigned char *p;
+       cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+       if (!cap) return NULL;
+       p = cap->value.sequence->data;
+       return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length, 
+               (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
+                                                        V_ASN1_UNIVERSAL);
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
+{
+       X509_ALGOR *alg;
+       if(!(alg = X509_ALGOR_new())) {
+               PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       ASN1_OBJECT_free(alg->algorithm);
+       alg->algorithm = OBJ_nid2obj (nid);
+       if (arg > 0) {
+               ASN1_INTEGER *nbit;
+               if(!(alg->parameter = ASN1_TYPE_new())) {
+                       PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                       return 0;
+               }
+               if(!(nbit = ASN1_INTEGER_new())) {
+                       PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                       return 0;
+               }
+               if(!ASN1_INTEGER_set (nbit, arg)) {
+                       PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+                       return 0;
+               }
+               alg->parameter->value.integer = nbit;
+               alg->parameter->type = V_ASN1_INTEGER;
+       }
+       sk_push (sk, (char *)alg);
+       return 1;
+}
index 7feb01230eaeab6e3ac84b4ee63bda75f90fbe7b..acc9cc4a476f3e348fd8f89e9bae866881bb2816 100644 (file)
@@ -61,6 +61,7 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
+#include <openssl/x509v3.h>
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                         void *value);
@@ -680,6 +681,7 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
 
        /* Lets verify */
        X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+       X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
        i=X509_verify_cert(ctx);
        if (i <= 0) 
                {
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
new file mode 100644 (file)
index 0000000..f346259
--- /dev/null
@@ -0,0 +1,673 @@
+/* pk7_mime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+/* MIME and related routines */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *name;                            /* Name of line e.g. "content-type" */
+char *value;                           /* Value of line e.g. "text/plain" */
+STACK /* MIME_PARAM */ *params;                /* Zero or more parameters */
+} MIME_HEADER;
+
+typedef struct {
+char *param_name;                      /* Param name e.g. "micalg" */
+char *param_value;                     /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
+static PKCS7 *B64_read_PKCS7(BIO *bio);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK **ret);
+static int iscrlf(char c);
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+
+typedef void (*stkfree)();
+
+/* Base 64 read and write of PKCS#7 structure */
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
+{
+       BIO *b64;
+       if(!(b64 = BIO_new(BIO_f_base64()))) {
+               PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       bio = BIO_push(b64, bio);
+       i2d_PKCS7_bio(bio, p7);
+       BIO_flush(bio);
+       bio = BIO_pop(bio);
+       BIO_free(b64);
+       return 1;
+}
+
+static PKCS7 *B64_read_PKCS7(BIO *bio)
+{
+       BIO *b64;
+       PKCS7 *p7;
+       if(!(b64 = BIO_new(BIO_f_base64()))) {
+               PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+       bio = BIO_push(b64, bio);
+       if(!(p7 = d2i_PKCS7_bio(bio, NULL))) 
+               PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
+       BIO_flush(bio);
+       bio = BIO_pop(bio);
+       BIO_free(b64);
+       return p7;
+}
+
+/* SMIME sender */
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+       char linebuf[MAX_SMLEN];
+       char bound[33], c;
+       int i;
+       if((flags & PKCS7_DETACHED) && data) {
+       /* We want multipart/signed */
+               /* Generate a random boundary */
+               RAND_bytes((unsigned char *)bound, 32);
+               for(i = 0; i < 32; i++) {
+                       c = bound[i] & 0xf;
+                       if(c < 10) c += '0';
+                       else c += 'A' - 10;
+                       bound[i] = c;
+               }
+               bound[32] = 0;
+               BIO_printf(bio, "MIME-Version: 1.0\n");
+               BIO_printf(bio, "Content-Type: multipart/signed ; ");
+               BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
+               BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
+               BIO_printf(bio, "This is an S/MIME signed message\n\n");
+               /* Now write out the first part */
+               BIO_printf(bio, "------%s\r\n", bound);
+               if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
+               while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) 
+                                               BIO_write(bio, linebuf, i);
+               BIO_printf(bio, "\n------%s\n", bound);
+
+               /* Headers for signature */
+
+               BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+               BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+               BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+               B64_write_PKCS7(bio, p7);
+               BIO_printf(bio,"\n------%s--\n\n", bound);
+               return 1;
+       }
+       /* MIME headers */
+       BIO_printf(bio, "MIME-Version: 1.0\n");
+       BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+       BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+       BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+       B64_write_PKCS7(bio, p7);
+       BIO_printf(bio, "\n");
+       return 1;
+}
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+       BIO *p7in;
+       STACK *headers = NULL;
+       STACK *parts = NULL;
+       MIME_HEADER *hdr;
+       MIME_PARAM *prm;
+       PKCS7 *p7;
+       int ret;
+
+       if(bcont) *bcont = NULL;
+
+       if (!(headers = mime_parse_hdr(bio))) {
+               PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
+               return NULL;
+       }
+
+       if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+               sk_pop_free(headers, mime_hdr_free);
+               PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
+               return NULL;
+       }
+
+       /* Handle multipart/signed */
+
+       if(!strcmp(hdr->value, "multipart/signed")) {
+               /* Split into two parts */
+               prm = mime_param_find(hdr, "boundary");
+               if(!prm || !prm->param_value) {
+                       sk_pop_free(headers, mime_hdr_free);
+                       PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
+                       return NULL;
+               }
+               ret = multi_split(bio, prm->param_value, &parts);
+               sk_pop_free(headers, mime_hdr_free);
+               if(!ret || (sk_num(parts) != 2) ) {
+                       PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
+                       sk_pop_free(parts, (stkfree)BIO_free);
+                       return NULL;
+               }
+
+               /* Parse the signature piece */
+               p7in = (BIO *)sk_value(parts, 1);
+
+               if (!(headers = mime_parse_hdr(p7in))) {
+                       PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
+                       sk_pop_free(parts, (stkfree)BIO_free);
+                       return NULL;
+               }
+
+               /* Get content type */
+
+               if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+                                                                !hdr->value) {
+                       sk_pop_free(headers, mime_hdr_free);
+                       PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
+                       return NULL;
+               }
+
+               if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+                       strcmp(hdr->value, "application/pkcs7-signature")) {
+                       sk_pop_free(headers, mime_hdr_free);
+                       PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+                       ERR_add_error_data(2, "type: ", hdr->value);
+                       sk_pop_free(parts, (stkfree)BIO_free);
+                       return NULL;
+               }
+               sk_pop_free(headers, mime_hdr_free);
+               /* Read in PKCS#7 */
+               if(!(p7 = B64_read_PKCS7(p7in))) {
+                       PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
+                       sk_pop_free(parts, (stkfree)BIO_free);
+                       return NULL;
+               }
+
+               if(bcont) {
+                       *bcont = (BIO *)sk_value(parts, 0);
+                       BIO_free(p7in);
+                       sk_free(parts);
+               } else sk_pop_free(parts, (stkfree)BIO_free);
+               return p7;
+       }
+               
+       /* OK, if not multipart/signed try opaque signature */
+
+       if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+           strcmp (hdr->value, "application/pkcs7-mime")) {
+               PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
+               ERR_add_error_data(2, "type: ", hdr->value);
+               sk_pop_free(headers, mime_hdr_free);
+               return NULL;
+       }
+
+       sk_pop_free(headers, mime_hdr_free);
+       
+       if(!(p7 = B64_read_PKCS7(bio))) {
+               PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
+               return NULL;
+       }
+       return p7;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+       char eol;
+       int len;
+       char linebuf[MAX_SMLEN];
+       if(flags & PKCS7_BINARY) {
+               while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+                                               BIO_write(out, linebuf, len);
+               return 1;
+       }
+       if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+       while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+               eol = 0;
+               while(iscrlf(linebuf[len - 1])) {
+                       len--;
+                       eol = 1;
+               }       
+               BIO_write(out, linebuf, len);
+               if(eol) BIO_write(out, "\r\n", 2);
+       }
+       return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+       char iobuf[4096];
+       int len;
+       STACK *headers;
+       MIME_HEADER *hdr;
+       if (!(headers = mime_parse_hdr(in))) {
+               PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+               return 0;
+       }
+       if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+               PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+               sk_pop_free(headers, mime_hdr_free);
+               return 0;
+       }
+       if (strcmp (hdr->value, "text/plain")) {
+               PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+               ERR_add_error_data(2, "type: ", hdr->value);
+               sk_pop_free(headers, mime_hdr_free);
+               return 0;
+       }
+       sk_pop_free(headers, mime_hdr_free);
+       while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+                                               BIO_write(out, iobuf, len);
+       return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK **ret)
+{
+       char linebuf[MAX_SMLEN];
+       int len, blen;
+       BIO *bpart = NULL;
+       STACK *parts;
+       char state, part, first;
+       blen = strlen(bound);
+       part = 0;
+       state = 0;
+       first = 1;
+       parts = sk_new(NULL);
+       *ret = parts;
+       while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+               state = mime_bound_check(linebuf, len, bound, blen);
+               if(state == 1) {
+                       first = 1;
+                       part++;
+               } else if(state == 2) {
+                       sk_push(parts, (char *)bpart);
+                       return 1;
+               } else if(part) {
+                       if(first) {
+                               first = 0;
+                               if(bpart) sk_push(parts, (char *)bpart);
+                               bpart = BIO_new(BIO_s_mem());
+                               
+                       } else BIO_write(bpart, "\r\n", 2);
+                       /* Strip CR+LF from linebuf */
+                       while(iscrlf(linebuf[len - 1])) len--;
+                       BIO_write(bpart, linebuf, len);
+               }
+       }
+       return 0;
+}
+
+static int iscrlf(char c)
+{
+       if(c == '\r' || c == '\n') return 1;
+       return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID   0
+#define MIME_START     1
+#define MIME_TYPE      2
+#define MIME_NAME      3
+#define MIME_VALUE     4
+#define MIME_QUOTE     5
+#define MIME_COMMENT   6
+
+
+static STACK *mime_parse_hdr(BIO *bio)
+{
+       char *p, *q, c;
+       char *ntmp;
+       char linebuf[MAX_SMLEN];
+       MIME_HEADER *mhdr = NULL;
+       STACK *headers;
+       int len, state, save_state = 0;
+       headers = sk_new(mime_hdr_cmp);
+       while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+       /* If whitespace at line start then continuation line */
+       if(mhdr && isspace(linebuf[0])) state = MIME_NAME;
+       else state = MIME_START;
+       ntmp = NULL;
+       /* Go through all characters */
+       for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+       /* State machine to handle MIME headers
+        * if this looks horrible that's because it *is*
+         */
+
+               switch(state) {
+                       case MIME_START:
+                       if(c == ':') {
+                               state = MIME_TYPE;
+                               *p = 0;
+                               ntmp = strip_ends(q);
+                               q = p + 1;
+                       }
+                       break;
+
+                       case MIME_TYPE:
+                       if(c == ';') {
+                               mime_debug("Found End Value\n");
+                               *p = 0;
+                               mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                               sk_push(headers, (char *)mhdr);
+                               ntmp = NULL;
+                               q = p + 1;
+                               state = MIME_NAME;
+                       } else if(c == '(') {
+                               save_state = state;
+                               state = MIME_COMMENT;
+                       }
+                       break;
+
+                       case MIME_COMMENT:
+                       if(c == ')') {
+                               state = save_state;
+                       }
+                       break;
+
+                       case MIME_NAME:
+                       if(c == '=') {
+                               state = MIME_VALUE;
+                               *p = 0;
+                               ntmp = strip_ends(q);
+                               q = p + 1;
+                       }
+                       break ;
+
+                       case MIME_VALUE:
+                       if(c == ';') {
+                               state = MIME_NAME;
+                               *p = 0;
+                               mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                               ntmp = NULL;
+                               q = p + 1;
+                       } else if (c == '"') {
+                               mime_debug("Found Quote\n");
+                               state = MIME_QUOTE;
+                       } else if(c == '(') {
+                               save_state = state;
+                               state = MIME_COMMENT;
+                       }
+                       break;
+
+                       case MIME_QUOTE:
+                       if(c == '"') {
+                               mime_debug("Found Match Quote\n");
+                               state = MIME_VALUE;
+                       }
+                       break;
+               }
+       }
+
+       if(state == MIME_TYPE) {
+               mhdr = mime_hdr_new(ntmp, strip_ends(q));
+               sk_push(headers, (char *)mhdr);
+       } else if(state == MIME_VALUE)
+                        mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+       if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+       return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+       char *p, c;
+       /* Look for first non white space or quote */
+       for(p = name; (c = *p) ;p++) {
+               if(c == '"') {
+                       /* Next char is start of string if non null */
+                       if(p[1]) return p + 1;
+                       /* Else null string */
+                       return NULL;
+               }
+               if(!isspace(c)) return p;
+       }
+       return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+       char *p, c;
+       if(!name) return NULL;
+       /* Look for first non white space or quote */
+       for(p = name + strlen(name) - 1; p >= name ;p--) {
+               c = *p;
+               if(c == '"') {
+                       if(p - 1 == name) return NULL;
+                       *p = 0;
+                       return name;
+               }
+               if(isspace(c)) *p = 0;  
+               else return name;
+       }
+       return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+       MIME_HEADER *mhdr;
+       char *tmpname, *tmpval, *p;
+       int c;
+       if(name) {
+               if(!(tmpname = BUF_strdup(name))) return NULL;
+               for(p = tmpname ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpname = NULL;
+       if(value) {
+               if(!(tmpval = BUF_strdup(value))) return NULL;
+               for(p = tmpval ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpval = NULL;
+       mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
+       if(!mhdr) return NULL;
+       mhdr->name = tmpname;
+       mhdr->value = tmpval;
+       if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
+       return mhdr;
+}
+               
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+       char *tmpname, *tmpval, *p;
+       int c;
+       MIME_PARAM *mparam;
+       if(name) {
+               tmpname = BUF_strdup(name);
+               if(!tmpname) return 0;
+               for(p = tmpname ; *p; p++) {
+                       c = *p;
+                       if(isupper(c)) {
+                               c = tolower(c);
+                               *p = c;
+                       }
+               }
+       } else tmpname = NULL;
+       if(value) {
+               tmpval = BUF_strdup(value);
+               if(!tmpval) return 0;
+       } else tmpval = NULL;
+       /* Paramter values are case sensitive so leave as is */
+       mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
+       if(!mparam) return 0;
+       mparam->param_name = tmpname;
+       mparam->param_value = tmpval;
+       sk_push(mhdr->params, (char *)mparam);
+       return 1;
+}
+
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+{
+       return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+{
+       return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
+{
+       MIME_HEADER htmp;
+       int idx;
+       htmp.name = name;
+       idx = sk_find(hdrs, (char *)&htmp);
+       if(idx < 0) return NULL;
+       return (MIME_HEADER *)sk_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+       MIME_PARAM param;
+       int idx;
+       param.param_name = name;
+       idx = sk_find(hdr->params, (char *)&param);
+       if(idx < 0) return NULL;
+       return (MIME_PARAM *)sk_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+       if(hdr->name) Free(hdr->name);
+       if(hdr->value) Free(hdr->value);
+       if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
+       Free((char *)hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+       if(param->param_name) Free(param->param_name);
+       if(param->param_value) Free(param->param_value);
+       Free((char *)param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+       if(linelen == -1) linelen = strlen(line);
+       if(blen == -1) blen = strlen(bound);
+       /* Quickly eliminate if line length too short */
+       if(blen + 2 > linelen) return 0;
+       /* Check for part boundary */
+       if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+               if(!strncmp(line + blen + 2, "--", 2)) return 2;
+               else return 1;
+       }
+       return 0;
+}
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
new file mode 100644 (file)
index 0000000..58bf2d7
--- /dev/null
@@ -0,0 +1,392 @@
+/* pk7_smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                                       BIO *data, int flags)
+{
+       PKCS7 *p7;
+       PKCS7_SIGNER_INFO *si;
+       BIO *p7bio;
+       STACK *smcap;
+       int i;
+
+       if(!X509_check_private_key(signcert, pkey)) {
+               PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                return NULL;
+       }
+
+       if(!(p7 = PKCS7_new())) {
+               PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+
+       PKCS7_set_type(p7, NID_pkcs7_signed);
+
+       PKCS7_content_new(p7, NID_pkcs7_data);
+
+       if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+               PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+               return NULL;
+       }
+
+       if(!(flags & PKCS7_NOCERTS)) {
+               PKCS7_add_certificate(p7, signcert);
+               if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+                       PKCS7_add_certificate(p7, sk_X509_value(certs, i));
+       }
+
+       if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+               PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+
+
+       SMIME_crlf_copy(data, p7bio, flags);
+
+       if(!(flags & PKCS7_NOATTR)) {
+               PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                               V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+               /* Add SMIMECapabilities */
+               if(!(smcap = sk_new(NULL))) {
+                       PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+                       return NULL;
+               }
+#ifndef NO_DES
+               PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
+               PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
+#endif
+#ifndef NO_RC2
+               PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
+               PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
+               PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
+#endif
+               PKCS7_add_attrib_smimecap (si, smcap);
+               sk_pop_free(smcap, X509_ALGOR_free);
+       }
+
+       if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+
+        if (!PKCS7_dataFinal(p7,p7bio)) {
+               PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+               return NULL;
+       }
+
+        BIO_free_all(p7bio);
+       return p7;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                                       BIO *indata, BIO *out, int flags)
+{
+       STACK_OF(X509) *signers;
+       X509 *signer;
+       STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+       PKCS7_SIGNER_INFO *si;
+       PKCS7_ISSUER_AND_SERIAL *ias;
+       X509_STORE_CTX cert_ctx;
+       char buf[4096];
+       int i, j=0;
+       BIO *p7bio;
+       BIO *tmpout;
+
+       if(OBJ_obj2nid(p7->type) != NID_pkcs7_signed) {
+                               PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+               return 0;
+       }
+
+       /* Check for no data and no content: no data to verify signature */
+       if(PKCS7_get_detached(p7) && !indata) {
+                               PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+               return 0;
+       }
+
+       /* Check for data and content: two sets of data */
+       if(!PKCS7_get_detached(p7) && indata) {
+                               PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+               return 0;
+       }
+
+       sinfos = PKCS7_get_signer_info(p7);
+
+       if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+                               PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+               return 0;
+       }
+
+
+       if(!(signers = sk_X509_new(NULL))) {
+               PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+               return 0;
+       }
+
+       /* Collect all the signers together */
+
+       for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+       {
+           si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+           ias = si->issuer_and_serial;
+           signer = NULL;
+               /* If any certificates passed they take priority */
+           if (certs) signer = X509_find_by_issuer_and_serial (certs,
+                                               ias->issuer, ias->serial);
+           if (!signer && !(flags & PKCS7_NOINTERN)
+                       && p7->d.sign->cert) signer =
+                             X509_find_by_issuer_and_serial (p7->d.sign->cert,
+                                               ias->issuer, ias->serial);
+           if (!signer) {
+                       PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+                       sk_X509_free(signers);
+                       return 0;
+           }
+
+           sk_X509_push(signers, signer);
+       }
+
+
+       /* Now verify the certificates */
+
+       if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
+               signer = sk_X509_value (signers, i);
+               if (!(flags & PKCS7_NOCHAIN)) {
+                       X509_STORE_CTX_init(&cert_ctx, store, signer,
+                                                       p7->d.sign->cert);
+                       X509_STORE_CTX_set_purpose(&cert_ctx,
+                                               X509_PURPOSE_SMIME_SIGN);
+               } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+               i = X509_verify_cert(&cert_ctx);
+               if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
+               X509_STORE_CTX_cleanup(&cert_ctx);
+               if (i <= 0) {
+                       PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+                       ERR_add_error_data(2, "Verify error:",
+                                        X509_verify_cert_error_string(j));
+                       sk_X509_free(signers);
+                       return 0;
+               }
+               /* Check for revocation status here */
+       }
+
+       p7bio=PKCS7_dataInit(p7,indata);
+
+       if(flags & PKCS7_TEXT) {
+               if(!(tmpout = BIO_new(BIO_s_mem()))) {
+                       PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+                       goto err;
+               }
+       } else tmpout = out;
+
+       /* We now have to 'read' from p7bio to calculate digests etc. */
+       for (;;)
+       {
+               i=BIO_read(p7bio,buf,sizeof(buf));
+               if (i <= 0) break;
+               if (tmpout) BIO_write(tmpout, buf, i);
+       }
+
+       if(flags & PKCS7_TEXT) {
+               if(!SMIME_text(tmpout, out)) {
+                       PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
+                       BIO_free(tmpout);
+                       goto err;
+               }
+               BIO_free(tmpout);
+       }
+
+       /* Now Verify All Signatures */
+       if (!(flags & PKCS7_NOSIGS))
+           for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+               {
+               si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
+               signer = sk_X509_value (signers, i);
+               j=PKCS7_signatureVerify(p7bio,p7,si, signer);
+               if (j <= 0) {
+                       PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
+                       goto err;
+               }
+       }
+
+       sk_X509_free(signers);
+       if(indata) BIO_pop(p7bio);
+       BIO_free_all(p7bio);
+
+       return 1;
+
+       err:
+
+       sk_X509_free(signers);
+       BIO_free(p7bio);
+
+       return 0;
+}
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+                                                               int flags)
+{
+       PKCS7 *p7;
+       BIO *p7bio = NULL;
+       int i;
+       X509 *x509;
+       char inbuf[4096];
+       static char txthdr[] = "Content-type: text/plain\r\n\r\n";
+       if(!(p7 = PKCS7_new())) {
+               PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+
+       PKCS7_set_type(p7, NID_pkcs7_enveloped);
+       if(!PKCS7_set_cipher(p7, cipher)) {
+               PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
+               goto err;
+       }
+
+       for(i = 0; i < sk_X509_num(certs); i++) {
+               x509 = sk_X509_value(certs, i);
+               if(!PKCS7_add_recipient(p7, x509)) {
+                       PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
+                                       PKCS7_R_ERROR_ADDING_RECIPIENT);
+                       goto err;
+               }
+       }
+
+       if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+               PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+               goto err;
+       }
+
+       if(flags & PKCS7_TEXT) {
+               if(BIO_write(p7bio, txthdr, sizeof(txthdr) - 1) < 0) {
+                       goto err;
+               }
+       }
+
+       for (;;) {
+               i = BIO_read(in, inbuf, sizeof(inbuf));
+               if (i <= 0) break;
+               BIO_write(p7bio, inbuf, i);
+       }
+       BIO_flush(p7bio);
+
+        if (!PKCS7_dataFinal(p7,p7bio)) {
+               PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
+               goto err;
+       }
+        BIO_free_all(p7bio);
+
+       return p7;
+
+       err:
+
+       BIO_free(p7bio);
+       PKCS7_free(p7);
+       return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+       BIO *tmpmem;
+       int ret, i;
+       char buf[4096];
+       if(!PKCS7_type_is_enveloped(p7)) {
+               PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
+               return 0;
+       }
+       if(!X509_check_private_key(cert, pkey)) {
+               PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+                               PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+               return 0;
+       }
+
+       if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+               PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+               return 0;
+       }
+
+       if (flags & PKCS7_TEXT) {
+               BIO *tmpbuf, *bread;
+               /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+               if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+                       PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                       return 0;
+               }
+               if(!(bread = BIO_push(tmpbuf, tmpmem))) {
+                       PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+                       return 0;
+               }
+               ret = SMIME_text(bread, data);
+               BIO_free_all(bread);
+               return ret;
+       } else {
+               for(;;) {
+                       i = BIO_read(tmpmem, buf, sizeof(buf));
+                       if(i <= 0) break;
+                       BIO_write(data, buf, i);
+               }
+               BIO_free_all(tmpmem);
+               return 1;
+       }
+}
index 839439aae0bbffdc094df4e3b5f4cc85f1fce69d..d30a05bd2e956a16e14c6b40e42be55825dcc9a2 100644 (file)
@@ -219,6 +219,7 @@ typedef struct pkcs7_st
 #define PKCS7_get_attributes(si)       ((si)->unauth_attr)
 
 #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
 #define PKCS7_type_is_signedAndEnveloped(a) \
                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
 #define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
@@ -236,6 +237,29 @@ typedef struct pkcs7_st
 #endif
 #endif
 
+/* S/MIME related flags */
+
+#define PKCS7_TEXT     0x1
+#define PKCS7_NOCERTS  0x2
+#define PKCS7_NOSIGS   0x4
+#define PKCS7_NOCHAIN  0x8
+#define PKCS7_NOINTERN 0x10
+#define PKCS7_NOVERIFY 0x20
+#define PKCS7_DETACHED 0x40
+#define PKCS7_BINARY   0x80
+#define PKCS7_NOATTR   0x100
+
+/* Flags: for compatability with older code */
+
+#define SMIME_TEXT     PKCS7_TEXT
+#define SMIME_NOCERTS  PKCS7_NOCERTS
+#define SMIME_NOSIGS   PKCS7_NOSIGS
+#define SMIME_NOCHAIN  PKCS7_NOCHAIN
+#define SMIME_NOINTERN PKCS7_NOINTERN
+#define SMIME_NOVERIFY PKCS7_NOVERIFY
+#define SMIME_DETACHED PKCS7_DETACHED
+#define SMIME_BINARY   PKCS7_BINARY
+#define SMIME_NOATTR   PKCS7_NOATTR
 
 PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
 void                   PKCS7_ISSUER_AND_SERIAL_free(
@@ -368,6 +392,22 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
 int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
 
 
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                                                       BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                                       BIO *indata, BIO *out, int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+                                                               int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap);
+STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK *sk, int nid, int arg);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -377,6 +417,9 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
 /* Error codes for the PKCS7 functions. */
 
 /* Function codes. */
+#define PKCS7_F_B64_READ_PKCS7                          120
+#define PKCS7_F_B64_WRITE_PKCS7                                 121
+#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP               118
 #define PKCS7_F_PKCS7_ADD_CERTIFICATE                   100
 #define PKCS7_F_PKCS7_ADD_CRL                           101
 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                102
@@ -386,20 +429,52 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
 #define PKCS7_F_PKCS7_DATAINIT                          105
 #define PKCS7_F_PKCS7_DATASIGN                          106
 #define PKCS7_F_PKCS7_DATAVERIFY                        107
+#define PKCS7_F_PKCS7_DECRYPT                           114
+#define PKCS7_F_PKCS7_ENCRYPT                           115
 #define PKCS7_F_PKCS7_SET_CIPHER                        108
 #define PKCS7_F_PKCS7_SET_CONTENT                       109
 #define PKCS7_F_PKCS7_SET_TYPE                          110
+#define PKCS7_F_PKCS7_SIGN                              116
 #define PKCS7_F_PKCS7_SIGNATUREVERIFY                   113
+#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                   119
+#define PKCS7_F_PKCS7_VERIFY                            117
+#define PKCS7_F_SMIME_READ_PKCS7                        122
+#define PKCS7_F_SMIME_TEXT                              123
 
 /* Reason codes. */
+#define PKCS7_R_CERTIFICATE_VERIFY_ERROR                117
 #define PKCS7_R_CIPHER_NOT_INITIALIZED                  116
+#define PKCS7_R_CONTENT_AND_DATA_PRESENT                118
+#define PKCS7_R_DECODE_ERROR                            130
 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH           100
+#define PKCS7_R_DECRYPT_ERROR                           119
 #define PKCS7_R_DIGEST_FAILURE                          101
+#define PKCS7_R_ERROR_ADDING_RECIPIENT                  120
+#define PKCS7_R_ERROR_SETTING_CIPHER                    121
 #define PKCS7_R_INTERNAL_ERROR                          102
+#define PKCS7_R_INVALID_MIME_TYPE                       131
+#define PKCS7_R_MIME_NO_CONTENT_TYPE                    132
+#define PKCS7_R_MIME_PARSE_ERROR                        133
+#define PKCS7_R_MIME_SIG_PARSE_ERROR                    134
 #define PKCS7_R_MISSING_CERIPEND_INFO                   103
+#define PKCS7_R_NO_CONTENT                              122
+#define PKCS7_R_NO_CONTENT_TYPE                                 135
+#define PKCS7_R_NO_MULTIPART_BODY_FAILURE               136
+#define PKCS7_R_NO_MULTIPART_BOUNDARY                   137
 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE        115
+#define PKCS7_R_NO_SIGNATURES_ON_DATA                   123
+#define PKCS7_R_NO_SIG_CONTENT_TYPE                     138
 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE    104
+#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR               124
+#define PKCS7_R_PKCS7_DATAFINAL_ERROR                   125
+#define PKCS7_R_PKCS7_DATASIGN                          126
+#define PKCS7_R_PKCS7_PARSE_ERROR                       139
+#define PKCS7_R_PKCS7_SIG_PARSE_ERROR                   140
+#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE  127
 #define PKCS7_R_SIGNATURE_FAILURE                       105
+#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND            128
+#define PKCS7_R_SIG_INVALID_MIME_TYPE                   141
+#define PKCS7_R_SMIME_TEXT_ERROR                        129
 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE              106
 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                  107
 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST           108
index 82be3c2ca1e722a96c72fce7fd2ae7f1d9ef4f11..a6c1ce98fee3993f6e2e90ded82719409706a27b 100644 (file)
@@ -65,6 +65,9 @@
 #ifndef NO_ERR
 static ERR_STRING_DATA PKCS7_str_functs[]=
        {
+{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"},
+{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0),        "B64_WRITE_PKCS7"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0),      "PKCS7_add_attrib_smimecap"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0),  "PKCS7_add_certificate"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0),  "PKCS7_add_crl"},
 {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0),       "PKCS7_add_recipient_info"},
@@ -74,23 +77,55 @@ static ERR_STRING_DATA PKCS7_str_functs[]=
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"},
 {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0),       "PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0),  "PKCS7_decrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0),  "PKCS7_encrypt"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0),       "PKCS7_set_cipher"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0),      "PKCS7_set_content"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0),     "PKCS7_sign"},
 {ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0),  "PKCS7_signatureVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0),  "PKCS7_simple_smimecap"},
+{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0),   "PKCS7_verify"},
+{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0),       "SMIME_read_PKCS7"},
+{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0),     "SMIME_text"},
 {0,NULL}
        };
 
 static ERR_STRING_DATA PKCS7_str_reasons[]=
        {
+{PKCS7_R_CERTIFICATE_VERIFY_ERROR        ,"certificate verify error"},
 {PKCS7_R_CIPHER_NOT_INITIALIZED          ,"cipher not initialized"},
+{PKCS7_R_CONTENT_AND_DATA_PRESENT        ,"content and data present"},
+{PKCS7_R_DECODE_ERROR                    ,"decode error"},
 {PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH   ,"decrypted key is wrong length"},
+{PKCS7_R_DECRYPT_ERROR                   ,"decrypt error"},
 {PKCS7_R_DIGEST_FAILURE                  ,"digest failure"},
+{PKCS7_R_ERROR_ADDING_RECIPIENT          ,"error adding recipient"},
+{PKCS7_R_ERROR_SETTING_CIPHER            ,"error setting cipher"},
 {PKCS7_R_INTERNAL_ERROR                  ,"internal error"},
+{PKCS7_R_INVALID_MIME_TYPE               ,"invalid mime type"},
+{PKCS7_R_MIME_NO_CONTENT_TYPE            ,"mime no content type"},
+{PKCS7_R_MIME_PARSE_ERROR                ,"mime parse error"},
+{PKCS7_R_MIME_SIG_PARSE_ERROR            ,"mime sig parse error"},
 {PKCS7_R_MISSING_CERIPEND_INFO           ,"missing ceripend info"},
+{PKCS7_R_NO_CONTENT                      ,"no content"},
+{PKCS7_R_NO_CONTENT_TYPE                 ,"no content type"},
+{PKCS7_R_NO_MULTIPART_BODY_FAILURE       ,"no multipart body failure"},
+{PKCS7_R_NO_MULTIPART_BOUNDARY           ,"no multipart boundary"},
 {PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
+{PKCS7_R_NO_SIGNATURES_ON_DATA           ,"no signatures on data"},
+{PKCS7_R_NO_SIG_CONTENT_TYPE             ,"no sig content type"},
 {PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR       ,"pkcs7 add signature error"},
+{PKCS7_R_PKCS7_DATAFINAL_ERROR           ,"pkcs7 datafinal error"},
+{PKCS7_R_PKCS7_DATASIGN                  ,"pkcs7 datasign"},
+{PKCS7_R_PKCS7_PARSE_ERROR               ,"pkcs7 parse error"},
+{PKCS7_R_PKCS7_SIG_PARSE_ERROR           ,"pkcs7 sig parse error"},
+{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
 {PKCS7_R_SIGNATURE_FAILURE               ,"signature failure"},
+{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND    ,"signer certificate not found"},
+{PKCS7_R_SIG_INVALID_MIME_TYPE           ,"sig invalid mime type"},
+{PKCS7_R_SMIME_TEXT_ERROR                ,"smime text error"},
 {PKCS7_R_UNABLE_TO_FIND_CERTIFICATE      ,"unable to find certificate"},
 {PKCS7_R_UNABLE_TO_FIND_MEM_BIO          ,"unable to find mem bio"},
 {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST   ,"unable to find message digest"},