From 5a9a4b299c0140ccdd5cc61fef701935a5931842 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 5 Dec 1999 00:40:59 +0000 Subject: [PATCH] Merge in my S/MIME library and utility. --- CHANGES | 8 + STATUS | 5 +- apps/Makefile.ssl | 6 +- apps/progs.h | 2 + apps/smime.c | 446 +++++++++++++++++++++++++ crypto/pkcs12/pk12err.c | 2 +- crypto/pkcs7/Makefile.ssl | 4 +- crypto/pkcs7/pk7_attr.c | 85 +++++ crypto/pkcs7/pk7_doit.c | 2 + crypto/pkcs7/pk7_mime.c | 673 ++++++++++++++++++++++++++++++++++++++ crypto/pkcs7/pk7_smime.c | 392 ++++++++++++++++++++++ crypto/pkcs7/pkcs7.h | 75 +++++ crypto/pkcs7/pkcs7err.c | 35 ++ 13 files changed, 1726 insertions(+), 9 deletions(-) create mode 100644 apps/smime.c create mode 100644 crypto/pkcs7/pk7_attr.c create mode 100644 crypto/pkcs7/pk7_mime.c create mode 100644 crypto/pkcs7/pk7_smime.c diff --git a/CHANGES b/CHANGES index 247d65a001..5e1883f375 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,14 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 1999] + *) Merge in my S/MIME library for OpenSSL. This provides a simple + S/MIME API on top of the PKCS#7 code, a MIME parser (with enough + functionality to handle multipart/signed properly) and a utility + called 'smime' to call all this stuff. This is based on code I + originally wrote for Celo who have kindly allowed it to be + included in OpenSSL. + [Steve Henson] + *) Add variants des_set_key_checked and des_set_key_unchecked of des_set_key (aka des_key_sched). Global variable des_check_key decides which of these is called by des_set_key; this way diff --git a/STATUS b/STATUS index 786d689aa7..7aa79674dd 100644 --- a/STATUS +++ b/STATUS @@ -1,6 +1,6 @@ OpenSSL STATUS Last modified at - ______________ $Date: 1999/11/11 13:58:22 $ + ______________ $Date: 1999/12/05 00:40:53 $ DEVELOPMENT STATE @@ -18,7 +18,6 @@ o shared libraries o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu) o SMIME tool (demo), Sampo Kellomaki - o OCSP patch, Massimiliano Pala (madwolf@openca.org) o CA.pl patch (Damien Miller) o FreeBSD 3.0 changes (Richard Levitte) @@ -27,7 +26,7 @@ o Steve is currently working on (in no particular order): Proper (or at least usable) certificate chain verification. Private key, certificate and CRL API and implementation. - Checking and bugfixing PKCS#7 (S/MIME code). + Developing and bugfixing PKCS#7 (S/MIME code). Various X509 issues: character sets, certificate request extensions. Documentation for the openssl utility. diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl index 439f50dcb5..372358511a 100644 --- a/apps/Makefile.ssl +++ b/apps/Makefile.ssl @@ -38,7 +38,7 @@ E_EXE= verify asn1pars req dgst dh enc gendh errstr ca crl \ rsa dsa dsaparam \ x509 genrsa gendsa s_server s_client speed \ s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \ - pkcs8 spkac + pkcs8 spkac smime PROGS= $(PROGRAM).c @@ -54,7 +54,7 @@ E_OBJ= verify.o asn1pars.o req.o dgst.o dh.o enc.o gendh.o errstr.o ca.o \ rsa.o dsa.o dsaparam.o \ x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \ s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \ - ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o + ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o # pem_mail.o @@ -63,7 +63,7 @@ E_SRC= verify.c asn1pars.c req.c dgst.c dh.c enc.c gendh.c errstr.c ca.c \ rsa.c dsa.c dsaparam.c \ x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \ s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \ - ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c + ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c # pem_mail.c diff --git a/apps/progs.h b/apps/progs.h index bd9e806bb7..e60df2a821 100644 --- a/apps/progs.h +++ b/apps/progs.h @@ -29,6 +29,7 @@ extern int nseq_main(int argc,char *argv[]); extern int pkcs12_main(int argc,char *argv[]); extern int pkcs8_main(int argc,char *argv[]); extern int spkac_main(int argc,char *argv[]); +extern int smime_main(int argc,char *argv[]); #ifdef SSLEAY_SRC /* Defined only in openssl.c. */ @@ -96,6 +97,7 @@ FUNCTION functions[] = { #endif {FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main}, {FUNC_TYPE_GENERAL,"spkac",spkac_main}, + {FUNC_TYPE_GENERAL,"smime",smime_main}, {FUNC_TYPE_MD,"md2",dgst_main}, {FUNC_TYPE_MD,"md5",dgst_main}, {FUNC_TYPE_MD,"sha",dgst_main}, diff --git a/apps/smime.c b/apps/smime.c new file mode 100644 index 0000000000..75087ea68f --- /dev/null +++ b/apps/smime.c @@ -0,0 +1,446 @@ +/* smime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* S/MIME utility function */ + +#include +#include +#include +#include +#include "apps.h" + +#undef PROG +#define PROG smime_main +static X509 *load_cert(char *file); +static EVP_PKEY *load_key(char *file); +static STACK_OF(X509) *load_certs(char *file); +static X509_STORE *setup_verify(char *CAfile, char *CApath); + +#define SMIME_OP 0x10 +#define SMIME_ENCRYPT (1 | SMIME_OP) +#define SMIME_DECRYPT 2 +#define SMIME_SIGN (3 | SMIME_OP) +#define SMIME_VERIFY 4 +#define SMIME_PK7OUT 5 + +int MAIN(int argc, char **argv) +{ + int operation = 0; + int ret = 0; + char **args; + char *inmode = "r", *outmode = "w"; + char *infile = NULL, *outfile = NULL; + char *signerfile = NULL, *recipfile = NULL; + char *certfile = NULL, *keyfile = NULL; + EVP_CIPHER *cipher = NULL; + PKCS7 *p7 = NULL; + X509_STORE *store = NULL; + X509 *cert = NULL, *recip = NULL, *signer = NULL; + EVP_PKEY *key = NULL; + STACK_OF(X509) *encerts = NULL, *other = NULL; + BIO *in = NULL, *out = NULL, *indata = NULL; + int badarg = 0; + int flags = PKCS7_DETACHED; + char *to = NULL, *from = NULL, *subject = NULL; + char *CAfile = NULL, *CApath = NULL; + + args = argv + 1; + + ret = 1; + + while (!badarg && *args && *args[0] == '-') { + if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; + else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; + else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN; + else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY; + else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT; + else if (!strcmp (*args, "-des3")) + cipher = EVP_des_ede3_cbc(); + else if (!strcmp (*args, "-des")) + cipher = EVP_des_cbc(); + else if (!strcmp (*args, "-rc2-40")) + cipher = EVP_rc2_40_cbc(); + else if (!strcmp (*args, "-rc2-128")) + cipher = EVP_rc2_cbc(); + else if (!strcmp (*args, "-rc2-64")) + cipher = EVP_rc2_64_cbc(); + else if (!strcmp (*args, "-text")) + flags |= PKCS7_TEXT; + else if (!strcmp (*args, "-nointern")) + flags |= PKCS7_NOINTERN; + else if (!strcmp (*args, "-noverify")) + flags |= PKCS7_NOVERIFY; + else if (!strcmp (*args, "-nochain")) + flags |= PKCS7_NOCHAIN; + else if (!strcmp (*args, "-nocerts")) + flags |= PKCS7_NOCERTS; + else if (!strcmp (*args, "-noattr")) + flags |= PKCS7_NOATTR; + else if (!strcmp (*args, "-nodetach")) + flags &= ~PKCS7_DETACHED; + else if (!strcmp (*args, "-binary")) + flags |= PKCS7_BINARY; + else if (!strcmp (*args, "-to")) { + if (args[1]) { + args++; + to = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-from")) { + if (args[1]) { + args++; + from = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-subject")) { + if (args[1]) { + args++; + subject = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-signer")) { + if (args[1]) { + args++; + signerfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-recip")) { + if (args[1]) { + args++; + recipfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-inkey")) { + if (args[1]) { + args++; + keyfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-certfile")) { + if (args[1]) { + args++; + certfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-CAfile")) { + if (args[1]) { + args++; + CAfile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-CApath")) { + if (args[1]) { + args++; + CApath = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-in")) { + if (args[1]) { + args++; + infile = *args; + } else badarg = 1; + } else if (!strcmp (*args, "-out")) { + if (args[1]) { + args++; + outfile = *args; + } else badarg = 1; + } else badarg = 1; + args++; + } + + if(operation == SMIME_SIGN) { + if(!signerfile) { + BIO_printf(bio_err, "No signer certificate specified\n"); + badarg = 1; + } + } else if(operation == SMIME_DECRYPT) { + if(!recipfile) { + BIO_printf(bio_err, "No recipient certificate and key specified\n"); + badarg = 1; + } + } else if(operation == SMIME_ENCRYPT) { + if(!*args) { + BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n"); + badarg = 1; + } + } else if(!operation) badarg = 1; + + if (badarg) { + BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n"); + BIO_printf (bio_err, "where options are\n"); + BIO_printf (bio_err, "-encrypt encrypt message\n"); + BIO_printf (bio_err, "-decrypt decrypt encrypted message\n"); + BIO_printf (bio_err, "-sign sign message\n"); + BIO_printf (bio_err, "-verify verify signed message\n"); + BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n"); + BIO_printf (bio_err, "-des3 encrypt with triple DES\n"); + BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40\n"); + BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n"); + BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-certfile file other certificates file\n"); + BIO_printf (bio_err, "-signer file signer certificate file\n"); + BIO_printf (bio_err, "-recip file recipient certificate file\n"); + BIO_printf (bio_err, "-in file input file\n"); + BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n"); + BIO_printf (bio_err, "-out file output file\n"); + BIO_printf (bio_err, "-to addr to address\n"); + BIO_printf (bio_err, "-from ad from address\n"); + BIO_printf (bio_err, "-subject s subject\n"); + BIO_printf (bio_err, "-text include or delete text MIME headers\n"); + BIO_printf (bio_err, "cert.pem recipient certificate(s)\n"); + goto end; + } + + ret = 2; + + if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED; + + if(flags & PKCS7_BINARY) { + if(operation & SMIME_OP) inmode = "rb"; + else outmode = "rb"; + } + + if(operation == SMIME_ENCRYPT) { + if (!cipher) cipher = EVP_rc2_40_cbc(); + while (*args) { + encerts = sk_X509_new_null(); + if(!(cert = load_cert(*args))) { + BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args); + goto end; + } + sk_X509_push (encerts, cert); + cert = NULL; + args++; + } + } + + if(signerfile) { + if(!(signer = load_cert(signerfile))) { + BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile); + goto end; + } + } + + if(certfile) { + if(!(other = load_certs(certfile))) { + BIO_printf(bio_err, "Can't read certificate file %s\n", certfile); + ERR_print_errors(bio_err); + goto end; + } + } + + if(recipfile) { + if(!(recip = load_cert(recipfile))) { + BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile); + ERR_print_errors(bio_err); + goto end; + } + } + + if(operation == SMIME_DECRYPT) { + if(!keyfile) keyfile = recipfile; + } else if(operation == SMIME_SIGN) { + if(!keyfile) keyfile = signerfile; + } else keyfile = NULL; + + if(keyfile) { + if(!(key = load_key(keyfile))) { + BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile); + ERR_print_errors(bio_err); + goto end; + } + } + + if (infile) { + if (!(in = BIO_new_file(infile, inmode))) { + BIO_printf (bio_err, + "Can't open input file %s\n", infile); + goto end; + } + } else in = BIO_new_fp(stdin, BIO_NOCLOSE); + + if (outfile) { + if (!(out = BIO_new_file(outfile, outmode))) { + BIO_printf (bio_err, + "Can't open output file %s\n", outfile); + goto end; + } + } else out = BIO_new_fp(stdout, BIO_NOCLOSE); + + if(operation == SMIME_VERIFY) + if(!(store = setup_verify(CAfile, CApath))) goto end; + + ret = 3; + if(operation == SMIME_ENCRYPT) { + p7 = PKCS7_encrypt(encerts, in, cipher, flags); + } else if(operation == SMIME_SIGN) { + p7 = PKCS7_sign(signer, key, other, in, flags); + BIO_reset(in); + } else { + if(!(p7 = SMIME_read_PKCS7(in, &indata))) { + BIO_printf(bio_err, "Error reading S/MIME message\n"); + ret = 4; + goto end; + } + } + + if(!p7) { + BIO_printf(bio_err, "Error creating PKCS#7 structure\n"); + goto end; + } + + if(operation == SMIME_DECRYPT) { + if(!PKCS7_decrypt(p7, key, recip, out, flags)) + BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n"); + else ret = 0; + } else if(operation == SMIME_VERIFY) { + if(PKCS7_verify(p7, other, store, indata, out, flags)) { + BIO_printf(bio_err, "Verification Successful\n"); + ret = 0; + } else { + BIO_printf(bio_err, "Verification Failure\n"); + ret = 5; + } + } else if(operation == SMIME_PK7OUT) { + PEM_write_bio_PKCS7(out, p7); + } else { + if(to) BIO_printf(out, "To: %s\n", to); + if(from) BIO_printf(out, "From: %s\n", from); + if(subject) BIO_printf(out, "Subject: %s\n", subject); + SMIME_write_PKCS7(out, p7, in, flags); + } +end: + if(ret) ERR_print_errors(bio_err); + sk_X509_pop_free(encerts, X509_free); + sk_X509_pop_free(other, X509_free); + X509_STORE_free(store); + X509_free(cert); + X509_free(recip); + X509_free(signer); + EVP_PKEY_free(key); + PKCS7_free(p7); + BIO_free(in); + BIO_free(indata); + BIO_free(out); + return (ret); +} + +static X509 *load_cert(char *file) +{ + BIO *in; + X509 *cert; + if(!(in = BIO_new_file(file, "r"))) return NULL; + cert = PEM_read_bio_X509(in, NULL, NULL,NULL); + BIO_free(in); + return cert; +} + +static EVP_PKEY *load_key(char *file) +{ + BIO *in; + EVP_PKEY *key; + if(!(in = BIO_new_file(file, "r"))) return NULL; + key = PEM_read_bio_PrivateKey(in, NULL, NULL,NULL); + BIO_free(in); + return key; +} + +static STACK_OF(X509) *load_certs(char *file) +{ + BIO *in; + int i; + STACK_OF(X509) *othercerts; + STACK_OF(X509_INFO) *allcerts; + X509_INFO *xi; + if(!(in = BIO_new_file(file, "r"))) return NULL; + othercerts = sk_X509_new(NULL); + if(!othercerts) return NULL; + allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); + for(i = 0; i < sk_X509_INFO_num(allcerts); i++) { + xi = sk_X509_INFO_value (allcerts, i); + if (xi->x509) { + sk_X509_push(othercerts, xi->x509); + xi->x509 = NULL; + } + } + sk_X509_INFO_pop_free(allcerts, X509_INFO_free); + BIO_free(in); + return othercerts; +} + +static X509_STORE *setup_verify(char *CAfile, char *CApath) +{ + X509_STORE *store; + X509_LOOKUP *lookup; + if(!(store = X509_STORE_new())) goto end; + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file()); + if (lookup == NULL) goto end; + if (CAfile) { + if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) { + BIO_printf(bio_err, "Error loading file %s\n", CAfile); + goto end; + } + } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT); + + lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir()); + if (lookup == NULL) goto end; + if (CApath) { + if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) { + BIO_printf(bio_err, "Error loading directory %s\n", CApath); + goto end; + } + } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT); + + ERR_clear_error(); + return store; + end: + X509_STORE_free(store); + return NULL; +} diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c index 00140a4779..9d8de10e1e 100644 --- a/crypto/pkcs12/pk12err.c +++ b/crypto/pkcs12/pk12err.c @@ -79,7 +79,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]= {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, -{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_NEWPASS"}, +{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, {ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl index ea60491529..b57c68fd36 100644 --- a/crypto/pkcs7/Makefile.ssl +++ b/crypto/pkcs7/Makefile.ssl @@ -25,8 +25,8 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c -LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o +LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c +LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o SRC= $(LIBSRC) diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c new file mode 100644 index 0000000000..3b9c0fe3f2 --- /dev/null +++ b/crypto/pkcs7/pk7_attr.c @@ -0,0 +1,85 @@ +/* pk7_attr.c */ +/* S/MIME code. + * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) + * All Rights Reserved. + * Redistribution of this code without the authors permission is expressly + * prohibited. + */ + +#include +#include +#include +#include +#include +#include +#include + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap) +{ + ASN1_STRING *seq; + unsigned char *p, *pp; + int len; + len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(pp=(unsigned char *)Malloc(len))) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + p=pp; + i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL, IS_SEQUENCE); + if(!(seq = ASN1_STRING_new())) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!ASN1_STRING_set (seq, pp, len)) { + PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + Free (pp); + return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, + V_ASN1_SEQUENCE, seq); +} + +STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) +{ + ASN1_TYPE *cap; + unsigned char *p; + cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); + if (!cap) return NULL; + p = cap->value.sequence->data; + return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length, + (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE, + V_ASN1_UNIVERSAL); +} + +/* Basic smime-capabilities OID and optional integer arg */ +int PKCS7_simple_smimecap(STACK *sk, int nid, int arg) +{ + X509_ALGOR *alg; + if(!(alg = X509_ALGOR_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + ASN1_OBJECT_free(alg->algorithm); + alg->algorithm = OBJ_nid2obj (nid); + if (arg > 0) { + ASN1_INTEGER *nbit; + if(!(alg->parameter = ASN1_TYPE_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!(nbit = ASN1_INTEGER_new())) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + if(!ASN1_INTEGER_set (nbit, arg)) { + PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); + return 0; + } + alg->parameter->value.integer = nbit; + alg->parameter->type = V_ASN1_INTEGER; + } + sk_push (sk, (char *)alg); + return 1; +} diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index 7feb01230e..acc9cc4a47 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -61,6 +61,7 @@ #include #include #include +#include static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, void *value); @@ -680,6 +681,7 @@ int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, /* Lets verify */ X509_STORE_CTX_init(ctx,cert_store,x509,cert); + X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); i=X509_verify_cert(ctx); if (i <= 0) { diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c new file mode 100644 index 0000000000..f346259b92 --- /dev/null +++ b/crypto/pkcs7/pk7_mime.c @@ -0,0 +1,673 @@ +/* pk7_mime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "cryptlib.h" +#include +#include + +/* MIME and related routines */ + +/* MIME format structures + * Note that all are translated to lower case apart from + * parameter values. Quotes are stripped off + */ + +typedef struct { +char *name; /* Name of line e.g. "content-type" */ +char *value; /* Value of line e.g. "text/plain" */ +STACK /* MIME_PARAM */ *params; /* Zero or more parameters */ +} MIME_HEADER; + +typedef struct { +char *param_name; /* Param name e.g. "micalg" */ +char *param_value; /* Param value e.g. "sha1" */ +} MIME_PARAM; + + +static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); +static PKCS7 *B64_read_PKCS7(BIO *bio); +static char * strip_ends(char *name); +static char * strip_start(char *name); +static char * strip_end(char *name); +static MIME_HEADER *mime_hdr_new(char *name, char *value); +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); +static STACK *mime_parse_hdr(BIO *bio); +static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b); +static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b); +static void mime_param_free(MIME_PARAM *param); +static int mime_bound_check(char *line, int linelen, char *bound, int blen); +static int multi_split(BIO *bio, char *bound, STACK **ret); +static int iscrlf(char c); +static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name); +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); +static void mime_hdr_free(MIME_HEADER *hdr); + +#define MAX_SMLEN 1024 +#define mime_debug(x) /* x */ + + +typedef void (*stkfree)(); + +/* Base 64 read and write of PKCS#7 structure */ + +static int B64_write_PKCS7(BIO *bio, PKCS7 *p7) +{ + BIO *b64; + if(!(b64 = BIO_new(BIO_f_base64()))) { + PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + i2d_PKCS7_bio(bio, p7); + BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return 1; +} + +static PKCS7 *B64_read_PKCS7(BIO *bio) +{ + BIO *b64; + PKCS7 *p7; + if(!(b64 = BIO_new(BIO_f_base64()))) { + PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE); + return 0; + } + bio = BIO_push(b64, bio); + if(!(p7 = d2i_PKCS7_bio(bio, NULL))) + PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR); + BIO_flush(bio); + bio = BIO_pop(bio); + BIO_free(b64); + return p7; +} + +/* SMIME sender */ + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) +{ + char linebuf[MAX_SMLEN]; + char bound[33], c; + int i; + if((flags & PKCS7_DETACHED) && data) { + /* We want multipart/signed */ + /* Generate a random boundary */ + RAND_bytes((unsigned char *)bound, 32); + for(i = 0; i < 32; i++) { + c = bound[i] & 0xf; + if(c < 10) c += '0'; + else c += 'A' - 10; + bound[i] = c; + } + bound[32] = 0; + BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "Content-Type: multipart/signed ; "); + BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); + BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); + BIO_printf(bio, "This is an S/MIME signed message\n\n"); + /* Now write out the first part */ + BIO_printf(bio, "------%s\r\n", bound); + if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); + while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) + BIO_write(bio, linebuf, i); + BIO_printf(bio, "\n------%s\n", bound); + + /* Headers for signature */ + + BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n"); + BIO_printf(bio, "Content-Transfer-Encoding: base64\n"); + BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n"); + B64_write_PKCS7(bio, p7); + BIO_printf(bio,"\n------%s--\n\n", bound); + return 1; + } + /* MIME headers */ + BIO_printf(bio, "MIME-Version: 1.0\n"); + BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n"); + BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n"); + BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n"); + B64_write_PKCS7(bio, p7); + BIO_printf(bio, "\n"); + return 1; +} + +/* SMIME reader: handle multipart/signed and opaque signing. + * in multipart case the content is placed in a memory BIO + * pointed to by "bcont". In opaque this is set to NULL + */ + +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) +{ + BIO *p7in; + STACK *headers = NULL; + STACK *parts = NULL; + MIME_HEADER *hdr; + MIME_PARAM *prm; + PKCS7 *p7; + int ret; + + if(bcont) *bcont = NULL; + + if (!(headers = mime_parse_hdr(bio))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR); + return NULL; + } + + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); + return NULL; + } + + /* Handle multipart/signed */ + + if(!strcmp(hdr->value, "multipart/signed")) { + /* Split into two parts */ + prm = mime_param_find(hdr, "boundary"); + if(!prm || !prm->param_value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); + return NULL; + } + ret = multi_split(bio, prm->param_value, &parts); + sk_pop_free(headers, mime_hdr_free); + if(!ret || (sk_num(parts) != 2) ) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + /* Parse the signature piece */ + p7in = (BIO *)sk_value(parts, 1); + + if (!(headers = mime_parse_hdr(p7in))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + /* Get content type */ + + if(!(hdr = mime_hdr_find(headers, "content-type")) || + !hdr->value) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); + return NULL; + } + + if(strcmp(hdr->value, "application/x-pkcs7-signature") && + strcmp(hdr->value, "application/pkcs7-signature")) { + sk_pop_free(headers, mime_hdr_free); + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + sk_pop_free(headers, mime_hdr_free); + /* Read in PKCS#7 */ + if(!(p7 = B64_read_PKCS7(p7in))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); + sk_pop_free(parts, (stkfree)BIO_free); + return NULL; + } + + if(bcont) { + *bcont = (BIO *)sk_value(parts, 0); + BIO_free(p7in); + sk_free(parts); + } else sk_pop_free(parts, (stkfree)BIO_free); + return p7; + } + + /* OK, if not multipart/signed try opaque signature */ + + if (strcmp (hdr->value, "application/x-pkcs7-mime") && + strcmp (hdr->value, "application/pkcs7-mime")) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(headers, mime_hdr_free); + return NULL; + } + + sk_pop_free(headers, mime_hdr_free); + + if(!(p7 = B64_read_PKCS7(bio))) { + PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); + return NULL; + } + return p7; + +} + +/* Copy text from one BIO to another making the output CRLF at EOL */ +int SMIME_crlf_copy(BIO *in, BIO *out, int flags) +{ + char eol; + int len; + char linebuf[MAX_SMLEN]; + if(flags & PKCS7_BINARY) { + while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) + BIO_write(out, linebuf, len); + return 1; + } + if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); + while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { + eol = 0; + while(iscrlf(linebuf[len - 1])) { + len--; + eol = 1; + } + BIO_write(out, linebuf, len); + if(eol) BIO_write(out, "\r\n", 2); + } + return 1; +} + +/* Strip off headers if they are text/plain */ +int SMIME_text(BIO *in, BIO *out) +{ + char iobuf[4096]; + int len; + STACK *headers; + MIME_HEADER *hdr; + if (!(headers = mime_parse_hdr(in))) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); + return 0; + } + if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); + sk_pop_free(headers, mime_hdr_free); + return 0; + } + if (strcmp (hdr->value, "text/plain")) { + PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); + ERR_add_error_data(2, "type: ", hdr->value); + sk_pop_free(headers, mime_hdr_free); + return 0; + } + sk_pop_free(headers, mime_hdr_free); + while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) + BIO_write(out, iobuf, len); + return 1; +} + +/* Split a multipart/XXX message body into component parts: result is + * canonical parts in a STACK of bios + */ + +static int multi_split(BIO *bio, char *bound, STACK **ret) +{ + char linebuf[MAX_SMLEN]; + int len, blen; + BIO *bpart = NULL; + STACK *parts; + char state, part, first; + blen = strlen(bound); + part = 0; + state = 0; + first = 1; + parts = sk_new(NULL); + *ret = parts; + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + state = mime_bound_check(linebuf, len, bound, blen); + if(state == 1) { + first = 1; + part++; + } else if(state == 2) { + sk_push(parts, (char *)bpart); + return 1; + } else if(part) { + if(first) { + first = 0; + if(bpart) sk_push(parts, (char *)bpart); + bpart = BIO_new(BIO_s_mem()); + + } else BIO_write(bpart, "\r\n", 2); + /* Strip CR+LF from linebuf */ + while(iscrlf(linebuf[len - 1])) len--; + BIO_write(bpart, linebuf, len); + } + } + return 0; +} + +static int iscrlf(char c) +{ + if(c == '\r' || c == '\n') return 1; + return 0; +} + +/* This is the big one: parse MIME header lines up to message body */ + +#define MIME_INVALID 0 +#define MIME_START 1 +#define MIME_TYPE 2 +#define MIME_NAME 3 +#define MIME_VALUE 4 +#define MIME_QUOTE 5 +#define MIME_COMMENT 6 + + +static STACK *mime_parse_hdr(BIO *bio) +{ + char *p, *q, c; + char *ntmp; + char linebuf[MAX_SMLEN]; + MIME_HEADER *mhdr = NULL; + STACK *headers; + int len, state, save_state = 0; + headers = sk_new(mime_hdr_cmp); + while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + /* If whitespace at line start then continuation line */ + if(mhdr && isspace(linebuf[0])) state = MIME_NAME; + else state = MIME_START; + ntmp = NULL; + /* Go through all characters */ + for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) { + + /* State machine to handle MIME headers + * if this looks horrible that's because it *is* + */ + + switch(state) { + case MIME_START: + if(c == ':') { + state = MIME_TYPE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break; + + case MIME_TYPE: + if(c == ';') { + mime_debug("Found End Value\n"); + *p = 0; + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_push(headers, (char *)mhdr); + ntmp = NULL; + q = p + 1; + state = MIME_NAME; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_COMMENT: + if(c == ')') { + state = save_state; + } + break; + + case MIME_NAME: + if(c == '=') { + state = MIME_VALUE; + *p = 0; + ntmp = strip_ends(q); + q = p + 1; + } + break ; + + case MIME_VALUE: + if(c == ';') { + state = MIME_NAME; + *p = 0; + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + ntmp = NULL; + q = p + 1; + } else if (c == '"') { + mime_debug("Found Quote\n"); + state = MIME_QUOTE; + } else if(c == '(') { + save_state = state; + state = MIME_COMMENT; + } + break; + + case MIME_QUOTE: + if(c == '"') { + mime_debug("Found Match Quote\n"); + state = MIME_VALUE; + } + break; + } + } + + if(state == MIME_TYPE) { + mhdr = mime_hdr_new(ntmp, strip_ends(q)); + sk_push(headers, (char *)mhdr); + } else if(state == MIME_VALUE) + mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + if(p == linebuf) break; /* Blank line means end of headers */ +} + +return headers; + +} + +static char *strip_ends(char *name) +{ + return strip_end(strip_start(name)); +} + +/* Strip a parameter of whitespace from start of param */ +static char *strip_start(char *name) +{ + char *p, c; + /* Look for first non white space or quote */ + for(p = name; (c = *p) ;p++) { + if(c == '"') { + /* Next char is start of string if non null */ + if(p[1]) return p + 1; + /* Else null string */ + return NULL; + } + if(!isspace(c)) return p; + } + return NULL; +} + +/* As above but strip from end of string : maybe should handle brackets? */ +static char *strip_end(char *name) +{ + char *p, c; + if(!name) return NULL; + /* Look for first non white space or quote */ + for(p = name + strlen(name) - 1; p >= name ;p--) { + c = *p; + if(c == '"') { + if(p - 1 == name) return NULL; + *p = 0; + return name; + } + if(isspace(c)) *p = 0; + else return name; + } + return NULL; +} + +static MIME_HEADER *mime_hdr_new(char *name, char *value) +{ + MIME_HEADER *mhdr; + char *tmpname, *tmpval, *p; + int c; + if(name) { + if(!(tmpname = BUF_strdup(name))) return NULL; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + if(!(tmpval = BUF_strdup(value))) return NULL; + for(p = tmpval ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpval = NULL; + mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER)); + if(!mhdr) return NULL; + mhdr->name = tmpname; + mhdr->value = tmpval; + if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL; + return mhdr; +} + +static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) +{ + char *tmpname, *tmpval, *p; + int c; + MIME_PARAM *mparam; + if(name) { + tmpname = BUF_strdup(name); + if(!tmpname) return 0; + for(p = tmpname ; *p; p++) { + c = *p; + if(isupper(c)) { + c = tolower(c); + *p = c; + } + } + } else tmpname = NULL; + if(value) { + tmpval = BUF_strdup(value); + if(!tmpval) return 0; + } else tmpval = NULL; + /* Paramter values are case sensitive so leave as is */ + mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM)); + if(!mparam) return 0; + mparam->param_name = tmpname; + mparam->param_value = tmpval; + sk_push(mhdr->params, (char *)mparam); + return 1; +} + +static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b) +{ + return(strcmp((*a)->name, (*b)->name)); +} + +static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b) +{ + return(strcmp((*a)->param_name, (*b)->param_name)); +} + +/* Find a header with a given name (if possible) */ + +static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name) +{ + MIME_HEADER htmp; + int idx; + htmp.name = name; + idx = sk_find(hdrs, (char *)&htmp); + if(idx < 0) return NULL; + return (MIME_HEADER *)sk_value(hdrs, idx); +} + +static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) +{ + MIME_PARAM param; + int idx; + param.param_name = name; + idx = sk_find(hdr->params, (char *)¶m); + if(idx < 0) return NULL; + return (MIME_PARAM *)sk_value(hdr->params, idx); +} + +static void mime_hdr_free(MIME_HEADER *hdr) +{ + if(hdr->name) Free(hdr->name); + if(hdr->value) Free(hdr->value); + if(hdr->params) sk_pop_free(hdr->params, mime_param_free); + Free((char *)hdr); +} + +static void mime_param_free(MIME_PARAM *param) +{ + if(param->param_name) Free(param->param_name); + if(param->param_value) Free(param->param_value); + Free((char *)param); +} + +/* Check for a multipart boundary. Returns: + * 0 : no boundary + * 1 : part boundary + * 2 : final boundary + */ +static int mime_bound_check(char *line, int linelen, char *bound, int blen) +{ + if(linelen == -1) linelen = strlen(line); + if(blen == -1) blen = strlen(bound); + /* Quickly eliminate if line length too short */ + if(blen + 2 > linelen) return 0; + /* Check for part boundary */ + if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) { + if(!strncmp(line + blen + 2, "--", 2)) return 2; + else return 1; + } + return 0; +} diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c new file mode 100644 index 0000000000..58bf2d7d28 --- /dev/null +++ b/crypto/pkcs7/pk7_smime.c @@ -0,0 +1,392 @@ +/* pk7_smime.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* Simple PKCS#7 processing functions */ + +#include +#include "cryptlib.h" +#include +#include + +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags) +{ + PKCS7 *p7; + PKCS7_SIGNER_INFO *si; + BIO *p7bio; + STACK *smcap; + int i; + + if(!X509_check_private_key(signcert, pkey)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + return NULL; + } + + if(!(p7 = PKCS7_new())) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + PKCS7_set_type(p7, NID_pkcs7_signed); + + PKCS7_content_new(p7, NID_pkcs7_data); + + if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR); + return NULL; + } + + if(!(flags & PKCS7_NOCERTS)) { + PKCS7_add_certificate(p7, signcert); + if(certs) for(i = 0; i < sk_X509_num(certs); i++) + PKCS7_add_certificate(p7, sk_X509_value(certs, i)); + } + + if(!(p7bio = PKCS7_dataInit(p7, NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } + + + SMIME_crlf_copy(data, p7bio, flags); + + if(!(flags & PKCS7_NOATTR)) { + PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, + V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); + /* Add SMIMECapabilities */ + if(!(smcap = sk_new(NULL))) { + PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); + return NULL; + } +#ifndef NO_DES + PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); + PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); +#endif +#ifndef NO_RC2 + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); + PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); +#endif + PKCS7_add_attrib_smimecap (si, smcap); + sk_pop_free(smcap, X509_ALGOR_free); + } + + if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); + + if (!PKCS7_dataFinal(p7,p7bio)) { + PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN); + return NULL; + } + + BIO_free_all(p7bio); + return p7; +} + +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags) +{ + STACK_OF(X509) *signers; + X509 *signer; + STACK_OF(PKCS7_SIGNER_INFO) *sinfos; + PKCS7_SIGNER_INFO *si; + PKCS7_ISSUER_AND_SERIAL *ias; + X509_STORE_CTX cert_ctx; + char buf[4096]; + int i, j=0; + BIO *p7bio; + BIO *tmpout; + + if(OBJ_obj2nid(p7->type) != NID_pkcs7_signed) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE); + return 0; + } + + /* Check for no data and no content: no data to verify signature */ + if(PKCS7_get_detached(p7) && !indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); + return 0; + } + + /* Check for data and content: two sets of data */ + if(!PKCS7_get_detached(p7) && indata) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); + return 0; + } + + sinfos = PKCS7_get_signer_info(p7); + + if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA); + return 0; + } + + + if(!(signers = sk_X509_new(NULL))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + return 0; + } + + /* Collect all the signers together */ + + for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) + { + si = sk_PKCS7_SIGNER_INFO_value(sinfos, i); + ias = si->issuer_and_serial; + signer = NULL; + /* If any certificates passed they take priority */ + if (certs) signer = X509_find_by_issuer_and_serial (certs, + ias->issuer, ias->serial); + if (!signer && !(flags & PKCS7_NOINTERN) + && p7->d.sign->cert) signer = + X509_find_by_issuer_and_serial (p7->d.sign->cert, + ias->issuer, ias->serial); + if (!signer) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND); + sk_X509_free(signers); + return 0; + } + + sk_X509_push(signers, signer); + } + + + /* Now verify the certificates */ + + if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) { + signer = sk_X509_value (signers, i); + if (!(flags & PKCS7_NOCHAIN)) { + X509_STORE_CTX_init(&cert_ctx, store, signer, + p7->d.sign->cert); + X509_STORE_CTX_set_purpose(&cert_ctx, + X509_PURPOSE_SMIME_SIGN); + } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL); + i = X509_verify_cert(&cert_ctx); + if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); + X509_STORE_CTX_cleanup(&cert_ctx); + if (i <= 0) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR); + ERR_add_error_data(2, "Verify error:", + X509_verify_cert_error_string(j)); + sk_X509_free(signers); + return 0; + } + /* Check for revocation status here */ + } + + p7bio=PKCS7_dataInit(p7,indata); + + if(flags & PKCS7_TEXT) { + if(!(tmpout = BIO_new(BIO_s_mem()))) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE); + goto err; + } + } else tmpout = out; + + /* We now have to 'read' from p7bio to calculate digests etc. */ + for (;;) + { + i=BIO_read(p7bio,buf,sizeof(buf)); + if (i <= 0) break; + if (tmpout) BIO_write(tmpout, buf, i); + } + + if(flags & PKCS7_TEXT) { + if(!SMIME_text(tmpout, out)) { + PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR); + BIO_free(tmpout); + goto err; + } + BIO_free(tmpout); + } + + /* Now Verify All Signatures */ + if (!(flags & PKCS7_NOSIGS)) + for (i=0; iunauth_attr) #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) +#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) #define PKCS7_type_is_signedAndEnveloped(a) \ (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) @@ -236,6 +237,29 @@ typedef struct pkcs7_st #endif #endif +/* S/MIME related flags */ + +#define PKCS7_TEXT 0x1 +#define PKCS7_NOCERTS 0x2 +#define PKCS7_NOSIGS 0x4 +#define PKCS7_NOCHAIN 0x8 +#define PKCS7_NOINTERN 0x10 +#define PKCS7_NOVERIFY 0x20 +#define PKCS7_DETACHED 0x40 +#define PKCS7_BINARY 0x80 +#define PKCS7_NOATTR 0x100 + +/* Flags: for compatability with older code */ + +#define SMIME_TEXT PKCS7_TEXT +#define SMIME_NOCERTS PKCS7_NOCERTS +#define SMIME_NOSIGS PKCS7_NOSIGS +#define SMIME_NOCHAIN PKCS7_NOCHAIN +#define SMIME_NOINTERN PKCS7_NOINTERN +#define SMIME_NOVERIFY PKCS7_NOVERIFY +#define SMIME_DETACHED PKCS7_DETACHED +#define SMIME_BINARY PKCS7_BINARY +#define SMIME_NOATTR PKCS7_NOATTR PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void ); void PKCS7_ISSUER_AND_SERIAL_free( @@ -368,6 +392,22 @@ int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); +PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, + BIO *data, int flags); +int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, + BIO *indata, BIO *out, int flags); +PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, + int flags); +int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); + +int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap); +STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); +int PKCS7_simple_smimecap(STACK *sk, int nid, int arg); + +int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); +PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); +int SMIME_crlf_copy(BIO *in, BIO *out, int flags); +int SMIME_text(BIO *in, BIO *out); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes @@ -377,6 +417,9 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); /* Error codes for the PKCS7 functions. */ /* Function codes. */ +#define PKCS7_F_B64_READ_PKCS7 120 +#define PKCS7_F_B64_WRITE_PKCS7 121 +#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 #define PKCS7_F_PKCS7_ADD_CRL 101 #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 @@ -386,20 +429,52 @@ int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); #define PKCS7_F_PKCS7_DATAINIT 105 #define PKCS7_F_PKCS7_DATASIGN 106 #define PKCS7_F_PKCS7_DATAVERIFY 107 +#define PKCS7_F_PKCS7_DECRYPT 114 +#define PKCS7_F_PKCS7_ENCRYPT 115 #define PKCS7_F_PKCS7_SET_CIPHER 108 #define PKCS7_F_PKCS7_SET_CONTENT 109 #define PKCS7_F_PKCS7_SET_TYPE 110 +#define PKCS7_F_PKCS7_SIGN 116 #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 +#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 +#define PKCS7_F_PKCS7_VERIFY 117 +#define PKCS7_F_SMIME_READ_PKCS7 122 +#define PKCS7_F_SMIME_TEXT 123 /* Reason codes. */ +#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 #define PKCS7_R_CIPHER_NOT_INITIALIZED 116 +#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 +#define PKCS7_R_DECODE_ERROR 130 #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 +#define PKCS7_R_DECRYPT_ERROR 119 #define PKCS7_R_DIGEST_FAILURE 101 +#define PKCS7_R_ERROR_ADDING_RECIPIENT 120 +#define PKCS7_R_ERROR_SETTING_CIPHER 121 #define PKCS7_R_INTERNAL_ERROR 102 +#define PKCS7_R_INVALID_MIME_TYPE 131 +#define PKCS7_R_MIME_NO_CONTENT_TYPE 132 +#define PKCS7_R_MIME_PARSE_ERROR 133 +#define PKCS7_R_MIME_SIG_PARSE_ERROR 134 #define PKCS7_R_MISSING_CERIPEND_INFO 103 +#define PKCS7_R_NO_CONTENT 122 +#define PKCS7_R_NO_CONTENT_TYPE 135 +#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 +#define PKCS7_R_NO_MULTIPART_BOUNDARY 137 #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 +#define PKCS7_R_NO_SIGNATURES_ON_DATA 123 +#define PKCS7_R_NO_SIG_CONTENT_TYPE 138 #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 +#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 +#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 +#define PKCS7_R_PKCS7_DATASIGN 126 +#define PKCS7_R_PKCS7_PARSE_ERROR 139 +#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 +#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 #define PKCS7_R_SIGNATURE_FAILURE 105 +#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 +#define PKCS7_R_SIG_INVALID_MIME_TYPE 141 +#define PKCS7_R_SMIME_TEXT_ERROR 129 #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c index 82be3c2ca1..a6c1ce98fe 100644 --- a/crypto/pkcs7/pkcs7err.c +++ b/crypto/pkcs7/pkcs7err.c @@ -65,6 +65,9 @@ #ifndef NO_ERR static ERR_STRING_DATA PKCS7_str_functs[]= { +{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, +{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, +{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, @@ -74,23 +77,55 @@ static ERR_STRING_DATA PKCS7_str_functs[]= {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"}, {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, +{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"}, +{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, +{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, {ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, +{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"}, +{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"}, +{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"}, +{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"}, {0,NULL} }; static ERR_STRING_DATA PKCS7_str_reasons[]= { +{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, {PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"}, +{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"}, +{PKCS7_R_DECODE_ERROR ,"decode error"}, {PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"}, +{PKCS7_R_DECRYPT_ERROR ,"decrypt error"}, {PKCS7_R_DIGEST_FAILURE ,"digest failure"}, +{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"}, +{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"}, {PKCS7_R_INTERNAL_ERROR ,"internal error"}, +{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"}, +{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"}, +{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"}, +{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"}, {PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"}, +{PKCS7_R_NO_CONTENT ,"no content"}, +{PKCS7_R_NO_CONTENT_TYPE ,"no content type"}, +{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"}, +{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"}, {PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"}, +{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"}, +{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"}, {PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, +{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"}, +{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"}, +{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"}, +{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"}, +{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"}, +{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, {PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, +{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, +{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"}, +{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"}, {PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, {PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, -- 2.25.1