Merge in my S/MIME library and utility.
diff --git a/CHANGES b/CHANGES
index 247d65a..5e1883f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+ *) Merge in my S/MIME library for OpenSSL. This provides a simple
+ S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+ functionality to handle multipart/signed properly) and a utility
+ called 'smime' to call all this stuff. This is based on code I
+ originally wrote for Celo who have kindly allowed it to be
+ included in OpenSSL.
+ [Steve Henson]
+
*) Add variants des_set_key_checked and des_set_key_unchecked of
des_set_key (aka des_key_sched). Global variable des_check_key
decides which of these is called by des_set_key; this way
diff --git a/STATUS b/STATUS
index 786d689..7aa7967 100644
--- a/STATUS
+++ b/STATUS
@@ -1,6 +1,6 @@
OpenSSL STATUS Last modified at
- ______________ $Date: 1999/11/11 13:58:22 $
+ ______________ $Date: 1999/12/05 00:40:53 $
DEVELOPMENT STATE
@@ -18,7 +18,6 @@
o shared libraries <behnke@trustcenter.de>
o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
o SMIME tool (demo), Sampo Kellomaki <sampo@iki.fi>
- o OCSP patch, Massimiliano Pala (madwolf@openca.org)
o CA.pl patch (Damien Miller)
o FreeBSD 3.0 changes (Richard Levitte)
@@ -27,7 +26,7 @@
o Steve is currently working on (in no particular order):
Proper (or at least usable) certificate chain verification.
Private key, certificate and CRL API and implementation.
- Checking and bugfixing PKCS#7 (S/MIME code).
+ Developing and bugfixing PKCS#7 (S/MIME code).
Various X509 issues: character sets, certificate request extensions.
Documentation for the openssl utility.
diff --git a/apps/Makefile.ssl b/apps/Makefile.ssl
index 439f50d..3723585 100644
--- a/apps/Makefile.ssl
+++ b/apps/Makefile.ssl
@@ -38,7 +38,7 @@
rsa dsa dsaparam \
x509 genrsa gendsa s_server s_client speed \
s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
- pkcs8 spkac
+ pkcs8 spkac smime
PROGS= $(PROGRAM).c
@@ -54,7 +54,7 @@
rsa.o dsa.o dsaparam.o \
x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
- ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o
+ ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o
# pem_mail.o
@@ -63,7 +63,7 @@
rsa.c dsa.c dsaparam.c \
x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
- ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c
+ ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c
# pem_mail.c
diff --git a/apps/progs.h b/apps/progs.h
index bd9e806..e60df2a 100644
--- a/apps/progs.h
+++ b/apps/progs.h
@@ -29,6 +29,7 @@
extern int pkcs12_main(int argc,char *argv[]);
extern int pkcs8_main(int argc,char *argv[]);
extern int spkac_main(int argc,char *argv[]);
+extern int smime_main(int argc,char *argv[]);
#ifdef SSLEAY_SRC /* Defined only in openssl.c. */
@@ -96,6 +97,7 @@
#endif
{FUNC_TYPE_GENERAL,"pkcs8",pkcs8_main},
{FUNC_TYPE_GENERAL,"spkac",spkac_main},
+ {FUNC_TYPE_GENERAL,"smime",smime_main},
{FUNC_TYPE_MD,"md2",dgst_main},
{FUNC_TYPE_MD,"md5",dgst_main},
{FUNC_TYPE_MD,"sha",dgst_main},
diff --git a/apps/smime.c b/apps/smime.c
new file mode 100644
index 0000000..75087ea
--- /dev/null
+++ b/apps/smime.c
@@ -0,0 +1,446 @@
+/* smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include "apps.h"
+
+#undef PROG
+#define PROG smime_main
+static X509 *load_cert(char *file);
+static EVP_PKEY *load_key(char *file);
+static STACK_OF(X509) *load_certs(char *file);
+static X509_STORE *setup_verify(char *CAfile, char *CApath);
+
+#define SMIME_OP 0x10
+#define SMIME_ENCRYPT (1 | SMIME_OP)
+#define SMIME_DECRYPT 2
+#define SMIME_SIGN (3 | SMIME_OP)
+#define SMIME_VERIFY 4
+#define SMIME_PK7OUT 5
+
+int MAIN(int argc, char **argv)
+{
+ int operation = 0;
+ int ret = 0;
+ char **args;
+ char *inmode = "r", *outmode = "w";
+ char *infile = NULL, *outfile = NULL;
+ char *signerfile = NULL, *recipfile = NULL;
+ char *certfile = NULL, *keyfile = NULL;
+ EVP_CIPHER *cipher = NULL;
+ PKCS7 *p7 = NULL;
+ X509_STORE *store = NULL;
+ X509 *cert = NULL, *recip = NULL, *signer = NULL;
+ EVP_PKEY *key = NULL;
+ STACK_OF(X509) *encerts = NULL, *other = NULL;
+ BIO *in = NULL, *out = NULL, *indata = NULL;
+ int badarg = 0;
+ int flags = PKCS7_DETACHED;
+ char *to = NULL, *from = NULL, *subject = NULL;
+ char *CAfile = NULL, *CApath = NULL;
+
+ args = argv + 1;
+
+ ret = 1;
+
+ while (!badarg && *args && *args[0] == '-') {
+ if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
+ else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
+ else if (!strcmp (*args, "-sign")) operation = SMIME_SIGN;
+ else if (!strcmp (*args, "-verify")) operation = SMIME_VERIFY;
+ else if (!strcmp (*args, "-pk7out")) operation = SMIME_PK7OUT;
+ else if (!strcmp (*args, "-des3"))
+ cipher = EVP_des_ede3_cbc();
+ else if (!strcmp (*args, "-des"))
+ cipher = EVP_des_cbc();
+ else if (!strcmp (*args, "-rc2-40"))
+ cipher = EVP_rc2_40_cbc();
+ else if (!strcmp (*args, "-rc2-128"))
+ cipher = EVP_rc2_cbc();
+ else if (!strcmp (*args, "-rc2-64"))
+ cipher = EVP_rc2_64_cbc();
+ else if (!strcmp (*args, "-text"))
+ flags |= PKCS7_TEXT;
+ else if (!strcmp (*args, "-nointern"))
+ flags |= PKCS7_NOINTERN;
+ else if (!strcmp (*args, "-noverify"))
+ flags |= PKCS7_NOVERIFY;
+ else if (!strcmp (*args, "-nochain"))
+ flags |= PKCS7_NOCHAIN;
+ else if (!strcmp (*args, "-nocerts"))
+ flags |= PKCS7_NOCERTS;
+ else if (!strcmp (*args, "-noattr"))
+ flags |= PKCS7_NOATTR;
+ else if (!strcmp (*args, "-nodetach"))
+ flags &= ~PKCS7_DETACHED;
+ else if (!strcmp (*args, "-binary"))
+ flags |= PKCS7_BINARY;
+ else if (!strcmp (*args, "-to")) {
+ if (args[1]) {
+ args++;
+ to = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-from")) {
+ if (args[1]) {
+ args++;
+ from = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-subject")) {
+ if (args[1]) {
+ args++;
+ subject = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-signer")) {
+ if (args[1]) {
+ args++;
+ signerfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-recip")) {
+ if (args[1]) {
+ args++;
+ recipfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-inkey")) {
+ if (args[1]) {
+ args++;
+ keyfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-certfile")) {
+ if (args[1]) {
+ args++;
+ certfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-CAfile")) {
+ if (args[1]) {
+ args++;
+ CAfile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-CApath")) {
+ if (args[1]) {
+ args++;
+ CApath = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-in")) {
+ if (args[1]) {
+ args++;
+ infile = *args;
+ } else badarg = 1;
+ } else if (!strcmp (*args, "-out")) {
+ if (args[1]) {
+ args++;
+ outfile = *args;
+ } else badarg = 1;
+ } else badarg = 1;
+ args++;
+ }
+
+ if(operation == SMIME_SIGN) {
+ if(!signerfile) {
+ BIO_printf(bio_err, "No signer certificate specified\n");
+ badarg = 1;
+ }
+ } else if(operation == SMIME_DECRYPT) {
+ if(!recipfile) {
+ BIO_printf(bio_err, "No recipient certificate and key specified\n");
+ badarg = 1;
+ }
+ } else if(operation == SMIME_ENCRYPT) {
+ if(!*args) {
+ BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+ badarg = 1;
+ }
+ } else if(!operation) badarg = 1;
+
+ if (badarg) {
+ BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
+ BIO_printf (bio_err, "where options are\n");
+ BIO_printf (bio_err, "-encrypt encrypt message\n");
+ BIO_printf (bio_err, "-decrypt decrypt encrypted message\n");
+ BIO_printf (bio_err, "-sign sign message\n");
+ BIO_printf (bio_err, "-verify verify signed message\n");
+ BIO_printf (bio_err, "-pk7out output PKCS#7 structure\n");
+ BIO_printf (bio_err, "-des3 encrypt with triple DES\n");
+ BIO_printf (bio_err, "-rc2-40 encrypt with RC2-40\n");
+ BIO_printf (bio_err, "-rc2-64 encrypt with RC2-64\n");
+ BIO_printf (bio_err, "-rc2-128 encrypt with RC2-128\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-certfile file other certificates file\n");
+ BIO_printf (bio_err, "-signer file signer certificate file\n");
+ BIO_printf (bio_err, "-recip file recipient certificate file\n");
+ BIO_printf (bio_err, "-in file input file\n");
+ BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");
+ BIO_printf (bio_err, "-out file output file\n");
+ BIO_printf (bio_err, "-to addr to address\n");
+ BIO_printf (bio_err, "-from ad from address\n");
+ BIO_printf (bio_err, "-subject s subject\n");
+ BIO_printf (bio_err, "-text include or delete text MIME headers\n");
+ BIO_printf (bio_err, "cert.pem recipient certificate(s)\n");
+ goto end;
+ }
+
+ ret = 2;
+
+ if(operation != SMIME_SIGN) flags &= ~PKCS7_DETACHED;
+
+ if(flags & PKCS7_BINARY) {
+ if(operation & SMIME_OP) inmode = "rb";
+ else outmode = "rb";
+ }
+
+ if(operation == SMIME_ENCRYPT) {
+ if (!cipher) cipher = EVP_rc2_40_cbc();
+ while (*args) {
+ encerts = sk_X509_new_null();
+ if(!(cert = load_cert(*args))) {
+ BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args);
+ goto end;
+ }
+ sk_X509_push (encerts, cert);
+ cert = NULL;
+ args++;
+ }
+ }
+
+ if(signerfile) {
+ if(!(signer = load_cert(signerfile))) {
+ BIO_printf(bio_err, "Can't read signer certificate file %s\n", signerfile);
+ goto end;
+ }
+ }
+
+ if(certfile) {
+ if(!(other = load_certs(certfile))) {
+ BIO_printf(bio_err, "Can't read certificate file %s\n", certfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if(recipfile) {
+ if(!(recip = load_cert(recipfile))) {
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", recipfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if(operation == SMIME_DECRYPT) {
+ if(!keyfile) keyfile = recipfile;
+ } else if(operation == SMIME_SIGN) {
+ if(!keyfile) keyfile = signerfile;
+ } else keyfile = NULL;
+
+ if(keyfile) {
+ if(!(key = load_key(keyfile))) {
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", keyfile);
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+ }
+
+ if (infile) {
+ if (!(in = BIO_new_file(infile, inmode))) {
+ BIO_printf (bio_err,
+ "Can't open input file %s\n", infile);
+ goto end;
+ }
+ } else in = BIO_new_fp(stdin, BIO_NOCLOSE);
+
+ if (outfile) {
+ if (!(out = BIO_new_file(outfile, outmode))) {
+ BIO_printf (bio_err,
+ "Can't open output file %s\n", outfile);
+ goto end;
+ }
+ } else out = BIO_new_fp(stdout, BIO_NOCLOSE);
+
+ if(operation == SMIME_VERIFY)
+ if(!(store = setup_verify(CAfile, CApath))) goto end;
+
+ ret = 3;
+ if(operation == SMIME_ENCRYPT) {
+ p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+ } else if(operation == SMIME_SIGN) {
+ p7 = PKCS7_sign(signer, key, other, in, flags);
+ BIO_reset(in);
+ } else {
+ if(!(p7 = SMIME_read_PKCS7(in, &indata))) {
+ BIO_printf(bio_err, "Error reading S/MIME message\n");
+ ret = 4;
+ goto end;
+ }
+ }
+
+ if(!p7) {
+ BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+ goto end;
+ }
+
+ if(operation == SMIME_DECRYPT) {
+ if(!PKCS7_decrypt(p7, key, recip, out, flags))
+ BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+ else ret = 0;
+ } else if(operation == SMIME_VERIFY) {
+ if(PKCS7_verify(p7, other, store, indata, out, flags)) {
+ BIO_printf(bio_err, "Verification Successful\n");
+ ret = 0;
+ } else {
+ BIO_printf(bio_err, "Verification Failure\n");
+ ret = 5;
+ }
+ } else if(operation == SMIME_PK7OUT) {
+ PEM_write_bio_PKCS7(out, p7);
+ } else {
+ if(to) BIO_printf(out, "To: %s\n", to);
+ if(from) BIO_printf(out, "From: %s\n", from);
+ if(subject) BIO_printf(out, "Subject: %s\n", subject);
+ SMIME_write_PKCS7(out, p7, in, flags);
+ }
+end:
+ if(ret) ERR_print_errors(bio_err);
+ sk_X509_pop_free(encerts, X509_free);
+ sk_X509_pop_free(other, X509_free);
+ X509_STORE_free(store);
+ X509_free(cert);
+ X509_free(recip);
+ X509_free(signer);
+ EVP_PKEY_free(key);
+ PKCS7_free(p7);
+ BIO_free(in);
+ BIO_free(indata);
+ BIO_free(out);
+ return (ret);
+}
+
+static X509 *load_cert(char *file)
+{
+ BIO *in;
+ X509 *cert;
+ if(!(in = BIO_new_file(file, "r"))) return NULL;
+ cert = PEM_read_bio_X509(in, NULL, NULL,NULL);
+ BIO_free(in);
+ return cert;
+}
+
+static EVP_PKEY *load_key(char *file)
+{
+ BIO *in;
+ EVP_PKEY *key;
+ if(!(in = BIO_new_file(file, "r"))) return NULL;
+ key = PEM_read_bio_PrivateKey(in, NULL, NULL,NULL);
+ BIO_free(in);
+ return key;
+}
+
+static STACK_OF(X509) *load_certs(char *file)
+{
+ BIO *in;
+ int i;
+ STACK_OF(X509) *othercerts;
+ STACK_OF(X509_INFO) *allcerts;
+ X509_INFO *xi;
+ if(!(in = BIO_new_file(file, "r"))) return NULL;
+ othercerts = sk_X509_new(NULL);
+ if(!othercerts) return NULL;
+ allcerts = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+ for(i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+ xi = sk_X509_INFO_value (allcerts, i);
+ if (xi->x509) {
+ sk_X509_push(othercerts, xi->x509);
+ xi->x509 = NULL;
+ }
+ }
+ sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+ BIO_free(in);
+ return othercerts;
+}
+
+static X509_STORE *setup_verify(char *CAfile, char *CApath)
+{
+ X509_STORE *store;
+ X509_LOOKUP *lookup;
+ if(!(store = X509_STORE_new())) goto end;
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
+ if (lookup == NULL) goto end;
+ if (CAfile) {
+ if(!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+ goto end;
+ }
+ } else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
+ if (lookup == NULL) goto end;
+ if (CApath) {
+ if(!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM)) {
+ BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+ goto end;
+ }
+ } else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
+
+ ERR_clear_error();
+ return store;
+ end:
+ X509_STORE_free(store);
+ return NULL;
+}
diff --git a/crypto/pkcs12/pk12err.c b/crypto/pkcs12/pk12err.c
index 00140a4..9d8de10 100644
--- a/crypto/pkcs12/pk12err.c
+++ b/crypto/pkcs12/pk12err.c
@@ -79,7 +79,7 @@
{ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"},
{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"},
{ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"},
-{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_NEWPASS"},
+{ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"},
{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"},
{ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"},
{ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"},
diff --git a/crypto/pkcs7/Makefile.ssl b/crypto/pkcs7/Makefile.ssl
index ea60491..b57c68f 100644
--- a/crypto/pkcs7/Makefile.ssl
+++ b/crypto/pkcs7/Makefile.ssl
@@ -25,8 +25,8 @@
APPS=
LIB=$(TOP)/libcrypto.a
-LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c
-LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o
+LIBSRC= pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c
+LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o
SRC= $(LIBSRC)
diff --git a/crypto/pkcs7/pk7_attr.c b/crypto/pkcs7/pk7_attr.c
new file mode 100644
index 0000000..3b9c0fe
--- /dev/null
+++ b/crypto/pkcs7/pk7_attr.c
@@ -0,0 +1,85 @@
+/* pk7_attr.c */
+/* S/MIME code.
+ * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com)
+ * All Rights Reserved.
+ * Redistribution of this code without the authors permission is expressly
+ * prohibited.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
+{
+ ASN1_STRING *seq;
+ unsigned char *p, *pp;
+ int len;
+ len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(pp=(unsigned char *)Malloc(len))) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p=pp;
+ i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(seq = ASN1_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_STRING_set (seq, pp, len)) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ Free (pp);
+ return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+ V_ASN1_SEQUENCE, seq);
+}
+
+STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *cap;
+ unsigned char *p;
+ cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+ if (!cap) return NULL;
+ p = cap->value.sequence->data;
+ return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length,
+ (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL);
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
+{
+ X509_ALGOR *alg;
+ if(!(alg = X509_ALGOR_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = OBJ_nid2obj (nid);
+ if (arg > 0) {
+ ASN1_INTEGER *nbit;
+ if(!(alg->parameter = ASN1_TYPE_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(nbit = ASN1_INTEGER_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_INTEGER_set (nbit, arg)) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ alg->parameter->value.integer = nbit;
+ alg->parameter->type = V_ASN1_INTEGER;
+ }
+ sk_push (sk, (char *)alg);
+ return 1;
+}
diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
index 7feb012..acc9cc4 100644
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@@ -61,6 +61,7 @@
#include <openssl/rand.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <openssl/x509v3.h>
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
void *value);
@@ -680,6 +681,7 @@
/* Lets verify */
X509_STORE_CTX_init(ctx,cert_store,x509,cert);
+ X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
i=X509_verify_cert(ctx);
if (i <= 0)
{
diff --git a/crypto/pkcs7/pk7_mime.c b/crypto/pkcs7/pk7_mime.c
new file mode 100644
index 0000000..f346259
--- /dev/null
+++ b/crypto/pkcs7/pk7_mime.c
@@ -0,0 +1,673 @@
+/* pk7_mime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+/* MIME and related routines */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *name; /* Name of line e.g. "content-type" */
+char *value; /* Value of line e.g. "text/plain" */
+STACK /* MIME_PARAM */ *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+typedef struct {
+char *param_name; /* Param name e.g. "micalg" */
+char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
+static PKCS7 *B64_read_PKCS7(BIO *bio);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK **ret);
+static int iscrlf(char c);
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+
+typedef void (*stkfree)();
+
+/* Base 64 read and write of PKCS#7 structure */
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
+{
+ BIO *b64;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ i2d_PKCS7_bio(bio, p7);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return 1;
+}
+
+static PKCS7 *B64_read_PKCS7(BIO *bio)
+{
+ BIO *b64;
+ PKCS7 *p7;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return p7;
+}
+
+/* SMIME sender */
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+ char linebuf[MAX_SMLEN];
+ char bound[33], c;
+ int i;
+ if((flags & PKCS7_DETACHED) && data) {
+ /* We want multipart/signed */
+ /* Generate a random boundary */
+ RAND_bytes((unsigned char *)bound, 32);
+ for(i = 0; i < 32; i++) {
+ c = bound[i] & 0xf;
+ if(c < 10) c += '0';
+ else c += 'A' - 10;
+ bound[i] = c;
+ }
+ bound[32] = 0;
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Type: multipart/signed ; ");
+ BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
+ BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
+ BIO_printf(bio, "This is an S/MIME signed message\n\n");
+ /* Now write out the first part */
+ BIO_printf(bio, "------%s\r\n", bound);
+ if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
+ while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(bio, linebuf, i);
+ BIO_printf(bio, "\n------%s\n", bound);
+
+ /* Headers for signature */
+
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio,"\n------%s--\n\n", bound);
+ return 1;
+ }
+ /* MIME headers */
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio, "\n");
+ return 1;
+}
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+ BIO *p7in;
+ STACK *headers = NULL;
+ STACK *parts = NULL;
+ MIME_HEADER *hdr;
+ MIME_PARAM *prm;
+ PKCS7 *p7;
+ int ret;
+
+ if(bcont) *bcont = NULL;
+
+ if (!(headers = mime_parse_hdr(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
+ return NULL;
+ }
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Handle multipart/signed */
+
+ if(!strcmp(hdr->value, "multipart/signed")) {
+ /* Split into two parts */
+ prm = mime_param_find(hdr, "boundary");
+ if(!prm || !prm->param_value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
+ return NULL;
+ }
+ ret = multi_split(bio, prm->param_value, &parts);
+ sk_pop_free(headers, mime_hdr_free);
+ if(!ret || (sk_num(parts) != 2) ) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Parse the signature piece */
+ p7in = (BIO *)sk_value(parts, 1);
+
+ if (!(headers = mime_parse_hdr(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Get content type */
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+ !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ /* Read in PKCS#7 */
+ if(!(p7 = B64_read_PKCS7(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ if(bcont) {
+ *bcont = (BIO *)sk_value(parts, 0);
+ BIO_free(p7in);
+ sk_free(parts);
+ } else sk_pop_free(parts, (stkfree)BIO_free);
+ return p7;
+ }
+
+ /* OK, if not multipart/signed try opaque signature */
+
+ if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+ strcmp (hdr->value, "application/pkcs7-mime")) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return NULL;
+ }
+
+ sk_pop_free(headers, mime_hdr_free);
+
+ if(!(p7 = B64_read_PKCS7(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
+ return NULL;
+ }
+ return p7;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+ char eol;
+ int len;
+ char linebuf[MAX_SMLEN];
+ if(flags & PKCS7_BINARY) {
+ while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(out, linebuf, len);
+ return 1;
+ }
+ if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+ eol = 0;
+ while(iscrlf(linebuf[len - 1])) {
+ len--;
+ eol = 1;
+ }
+ BIO_write(out, linebuf, len);
+ if(eol) BIO_write(out, "\r\n", 2);
+ }
+ return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+ char iobuf[4096];
+ int len;
+ STACK *headers;
+ MIME_HEADER *hdr;
+ if (!(headers = mime_parse_hdr(in))) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+ return 0;
+ }
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ if (strcmp (hdr->value, "text/plain")) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+ BIO_write(out, iobuf, len);
+ return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK **ret)
+{
+ char linebuf[MAX_SMLEN];
+ int len, blen;
+ BIO *bpart = NULL;
+ STACK *parts;
+ char state, part, first;
+ blen = strlen(bound);
+ part = 0;
+ state = 0;
+ first = 1;
+ parts = sk_new(NULL);
+ *ret = parts;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ state = mime_bound_check(linebuf, len, bound, blen);
+ if(state == 1) {
+ first = 1;
+ part++;
+ } else if(state == 2) {
+ sk_push(parts, (char *)bpart);
+ return 1;
+ } else if(part) {
+ if(first) {
+ first = 0;
+ if(bpart) sk_push(parts, (char *)bpart);
+ bpart = BIO_new(BIO_s_mem());
+
+ } else BIO_write(bpart, "\r\n", 2);
+ /* Strip CR+LF from linebuf */
+ while(iscrlf(linebuf[len - 1])) len--;
+ BIO_write(bpart, linebuf, len);
+ }
+ }
+ return 0;
+}
+
+static int iscrlf(char c)
+{
+ if(c == '\r' || c == '\n') return 1;
+ return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID 0
+#define MIME_START 1
+#define MIME_TYPE 2
+#define MIME_NAME 3
+#define MIME_VALUE 4
+#define MIME_QUOTE 5
+#define MIME_COMMENT 6
+
+
+static STACK *mime_parse_hdr(BIO *bio)
+{
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+ MIME_HEADER *mhdr = NULL;
+ STACK *headers;
+ int len, state, save_state = 0;
+ headers = sk_new(mime_hdr_cmp);
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if(mhdr && isspace(linebuf[0])) state = MIME_NAME;
+ else state = MIME_START;
+ ntmp = NULL;
+ /* Go through all characters */
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+ /* State machine to handle MIME headers
+ * if this looks horrible that's because it *is*
+ */
+
+ switch(state) {
+ case MIME_START:
+ if(c == ':') {
+ state = MIME_TYPE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_TYPE:
+ if(c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_COMMENT:
+ if(c == ')') {
+ state = save_state;
+ }
+ break;
+
+ case MIME_NAME:
+ if(c == '=') {
+ state = MIME_VALUE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break ;
+
+ case MIME_VALUE:
+ if(c == ';') {
+ state = MIME_NAME;
+ *p = 0;
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ ntmp = NULL;
+ q = p + 1;
+ } else if (c == '"') {
+ mime_debug("Found Quote\n");
+ state = MIME_QUOTE;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_QUOTE:
+ if(c == '"') {
+ mime_debug("Found Match Quote\n");
+ state = MIME_VALUE;
+ }
+ break;
+ }
+ }
+
+ if(state == MIME_TYPE) {
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ } else if(state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+ return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+ char *p, c;
+ /* Look for first non white space or quote */
+ for(p = name; (c = *p) ;p++) {
+ if(c == '"') {
+ /* Next char is start of string if non null */
+ if(p[1]) return p + 1;
+ /* Else null string */
+ return NULL;
+ }
+ if(!isspace(c)) return p;
+ }
+ return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+ char *p, c;
+ if(!name) return NULL;
+ /* Look for first non white space or quote */
+ for(p = name + strlen(name) - 1; p >= name ;p--) {
+ c = *p;
+ if(c == '"') {
+ if(p - 1 == name) return NULL;
+ *p = 0;
+ return name;
+ }
+ if(isspace(c)) *p = 0;
+ else return name;
+ }
+ return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+ MIME_HEADER *mhdr;
+ char *tmpname, *tmpval, *p;
+ int c;
+ if(name) {
+ if(!(tmpname = BUF_strdup(name))) return NULL;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ if(!(tmpval = BUF_strdup(value))) return NULL;
+ for(p = tmpval ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpval = NULL;
+ mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
+ if(!mhdr) return NULL;
+ mhdr->name = tmpname;
+ mhdr->value = tmpval;
+ if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
+ return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+ char *tmpname, *tmpval, *p;
+ int c;
+ MIME_PARAM *mparam;
+ if(name) {
+ tmpname = BUF_strdup(name);
+ if(!tmpname) return 0;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ tmpval = BUF_strdup(value);
+ if(!tmpval) return 0;
+ } else tmpval = NULL;
+ /* Paramter values are case sensitive so leave as is */
+ mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
+ if(!mparam) return 0;
+ mparam->param_name = tmpname;
+ mparam->param_value = tmpval;
+ sk_push(mhdr->params, (char *)mparam);
+ return 1;
+}
+
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+{
+ return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+{
+ return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
+{
+ MIME_HEADER htmp;
+ int idx;
+ htmp.name = name;
+ idx = sk_find(hdrs, (char *)&htmp);
+ if(idx < 0) return NULL;
+ return (MIME_HEADER *)sk_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+ MIME_PARAM param;
+ int idx;
+ param.param_name = name;
+ idx = sk_find(hdr->params, (char *)¶m);
+ if(idx < 0) return NULL;
+ return (MIME_PARAM *)sk_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+ if(hdr->name) Free(hdr->name);
+ if(hdr->value) Free(hdr->value);
+ if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
+ Free((char *)hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+ if(param->param_name) Free(param->param_name);
+ if(param->param_value) Free(param->param_value);
+ Free((char *)param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+ if(linelen == -1) linelen = strlen(line);
+ if(blen == -1) blen = strlen(bound);
+ /* Quickly eliminate if line length too short */
+ if(blen + 2 > linelen) return 0;
+ /* Check for part boundary */
+ if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+ if(!strncmp(line + blen + 2, "--", 2)) return 2;
+ else return 1;
+ }
+ return 0;
+}
diff --git a/crypto/pkcs7/pk7_smime.c b/crypto/pkcs7/pk7_smime.c
new file mode 100644
index 0000000..58bf2d7
--- /dev/null
+++ b/crypto/pkcs7/pk7_smime.c
@@ -0,0 +1,392 @@
+/* pk7_smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags)
+{
+ PKCS7 *p7;
+ PKCS7_SIGNER_INFO *si;
+ BIO *p7bio;
+ STACK *smcap;
+ int i;
+
+ if(!X509_check_private_key(signcert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return NULL;
+ }
+
+ if(!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_signed);
+
+ PKCS7_content_new(p7, NID_pkcs7_data);
+
+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ return NULL;
+ }
+
+ if(!(flags & PKCS7_NOCERTS)) {
+ PKCS7_add_certificate(p7, signcert);
+ if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+ PKCS7_add_certificate(p7, sk_X509_value(certs, i));
+ }
+
+ if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+
+ SMIME_crlf_copy(data, p7bio, flags);
+
+ if(!(flags & PKCS7_NOATTR)) {
+ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+ /* Add SMIMECapabilities */
+ if(!(smcap = sk_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+#ifndef NO_DES
+ PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
+ PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
+#endif
+#ifndef NO_RC2
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
+#endif
+ PKCS7_add_attrib_smimecap (si, smcap);
+ sk_pop_free(smcap, X509_ALGOR_free);
+ }
+
+ if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+
+ if (!PKCS7_dataFinal(p7,p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+ return NULL;
+ }
+
+ BIO_free_all(p7bio);
+ return p7;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags)
+{
+ STACK_OF(X509) *signers;
+ X509 *signer;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ PKCS7_ISSUER_AND_SERIAL *ias;
+ X509_STORE_CTX cert_ctx;
+ char buf[4096];
+ int i, j=0;
+ BIO *p7bio;
+ BIO *tmpout;
+
+ if(OBJ_obj2nid(p7->type) != NID_pkcs7_signed) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ /* Check for no data and no content: no data to verify signature */
+ if(PKCS7_get_detached(p7) && !indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
+ /* Check for data and content: two sets of data */
+ if(!PKCS7_get_detached(p7) && indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+ return 0;
+ }
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+ return 0;
+ }
+
+
+ if(!(signers = sk_X509_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ /* Collect all the signers together */
+
+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+ {
+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+ ias = si->issuer_and_serial;
+ signer = NULL;
+ /* If any certificates passed they take priority */
+ if (certs) signer = X509_find_by_issuer_and_serial (certs,
+ ias->issuer, ias->serial);
+ if (!signer && !(flags & PKCS7_NOINTERN)
+ && p7->d.sign->cert) signer =
+ X509_find_by_issuer_and_serial (p7->d.sign->cert,
+ ias->issuer, ias->serial);
+ if (!signer) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ sk_X509_free(signers);
+ return 0;
+ }
+
+ sk_X509_push(signers, signer);
+ }
+
+
+ /* Now verify the certificates */
+
+ if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
+ signer = sk_X509_value (signers, i);
+ if (!(flags & PKCS7_NOCHAIN)) {
+ X509_STORE_CTX_init(&cert_ctx, store, signer,
+ p7->d.sign->cert);
+ X509_STORE_CTX_set_purpose(&cert_ctx,
+ X509_PURPOSE_SMIME_SIGN);
+ } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+ i = X509_verify_cert(&cert_ctx);
+ if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
+ X509_STORE_CTX_cleanup(&cert_ctx);
+ if (i <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(j));
+ sk_X509_free(signers);
+ return 0;
+ }
+ /* Check for revocation status here */
+ }
+
+ p7bio=PKCS7_dataInit(p7,indata);
+
+ if(flags & PKCS7_TEXT) {
+ if(!(tmpout = BIO_new(BIO_s_mem()))) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else tmpout = out;
+
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;)
+ {
+ i=BIO_read(p7bio,buf,sizeof(buf));
+ if (i <= 0) break;
+ if (tmpout) BIO_write(tmpout, buf, i);
+ }
+
+ if(flags & PKCS7_TEXT) {
+ if(!SMIME_text(tmpout, out)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
+ BIO_free(tmpout);
+ goto err;
+ }
+ BIO_free(tmpout);
+ }
+
+ /* Now Verify All Signatures */
+ if (!(flags & PKCS7_NOSIGS))
+ for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+ {
+ si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
+ signer = sk_X509_value (signers, i);
+ j=PKCS7_signatureVerify(p7bio,p7,si, signer);
+ if (j <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
+ goto err;
+ }
+ }
+
+ sk_X509_free(signers);
+ if(indata) BIO_pop(p7bio);
+ BIO_free_all(p7bio);
+
+ return 1;
+
+ err:
+
+ sk_X509_free(signers);
+ BIO_free(p7bio);
+
+ return 0;
+}
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+ int flags)
+{
+ PKCS7 *p7;
+ BIO *p7bio = NULL;
+ int i;
+ X509 *x509;
+ char inbuf[4096];
+ static char txthdr[] = "Content-type: text/plain\r\n\r\n";
+ if(!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_enveloped);
+ if(!PKCS7_set_cipher(p7, cipher)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
+ goto err;
+ }
+
+ for(i = 0; i < sk_X509_num(certs); i++) {
+ x509 = sk_X509_value(certs, i);
+ if(!PKCS7_add_recipient(p7, x509)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
+ PKCS7_R_ERROR_ADDING_RECIPIENT);
+ goto err;
+ }
+ }
+
+ if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if(flags & PKCS7_TEXT) {
+ if(BIO_write(p7bio, txthdr, sizeof(txthdr) - 1) < 0) {
+ goto err;
+ }
+ }
+
+ for (;;) {
+ i = BIO_read(in, inbuf, sizeof(inbuf));
+ if (i <= 0) break;
+ BIO_write(p7bio, inbuf, i);
+ }
+ BIO_flush(p7bio);
+
+ if (!PKCS7_dataFinal(p7,p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
+ goto err;
+ }
+ BIO_free_all(p7bio);
+
+ return p7;
+
+ err:
+
+ BIO_free(p7bio);
+ PKCS7_free(p7);
+ return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+ BIO *tmpmem;
+ int ret, i;
+ char buf[4096];
+ if(!PKCS7_type_is_enveloped(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+ if(!X509_check_private_key(cert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return 0;
+ }
+
+ if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+ return 0;
+ }
+
+ if (flags & PKCS7_TEXT) {
+ BIO *tmpbuf, *bread;
+ /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+ if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(bread = BIO_push(tmpbuf, tmpmem))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ret = SMIME_text(bread, data);
+ BIO_free_all(bread);
+ return ret;
+ } else {
+ for(;;) {
+ i = BIO_read(tmpmem, buf, sizeof(buf));
+ if(i <= 0) break;
+ BIO_write(data, buf, i);
+ }
+ BIO_free_all(tmpmem);
+ return 1;
+ }
+}
diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
index 839439a..d30a05b 100644
--- a/crypto/pkcs7/pkcs7.h
+++ b/crypto/pkcs7/pkcs7.h
@@ -219,6 +219,7 @@
#define PKCS7_get_attributes(si) ((si)->unauth_attr)
#define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+#define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
#define PKCS7_type_is_signedAndEnveloped(a) \
(OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
#define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
@@ -236,6 +237,29 @@
#endif
#endif
+/* S/MIME related flags */
+
+#define PKCS7_TEXT 0x1
+#define PKCS7_NOCERTS 0x2
+#define PKCS7_NOSIGS 0x4
+#define PKCS7_NOCHAIN 0x8
+#define PKCS7_NOINTERN 0x10
+#define PKCS7_NOVERIFY 0x20
+#define PKCS7_DETACHED 0x40
+#define PKCS7_BINARY 0x80
+#define PKCS7_NOATTR 0x100
+
+/* Flags: for compatability with older code */
+
+#define SMIME_TEXT PKCS7_TEXT
+#define SMIME_NOCERTS PKCS7_NOCERTS
+#define SMIME_NOSIGS PKCS7_NOSIGS
+#define SMIME_NOCHAIN PKCS7_NOCHAIN
+#define SMIME_NOINTERN PKCS7_NOINTERN
+#define SMIME_NOVERIFY PKCS7_NOVERIFY
+#define SMIME_DETACHED PKCS7_DETACHED
+#define SMIME_BINARY PKCS7_BINARY
+#define SMIME_NOATTR PKCS7_NOATTR
PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void );
void PKCS7_ISSUER_AND_SERIAL_free(
@@ -368,6 +392,22 @@
int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk);
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+ int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap);
+STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK *sk, int nid, int arg);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -377,6 +417,9 @@
/* Error codes for the PKCS7 functions. */
/* Function codes. */
+#define PKCS7_F_B64_READ_PKCS7 120
+#define PKCS7_F_B64_WRITE_PKCS7 121
+#define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118
#define PKCS7_F_PKCS7_ADD_CERTIFICATE 100
#define PKCS7_F_PKCS7_ADD_CRL 101
#define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102
@@ -386,20 +429,52 @@
#define PKCS7_F_PKCS7_DATAINIT 105
#define PKCS7_F_PKCS7_DATASIGN 106
#define PKCS7_F_PKCS7_DATAVERIFY 107
+#define PKCS7_F_PKCS7_DECRYPT 114
+#define PKCS7_F_PKCS7_ENCRYPT 115
#define PKCS7_F_PKCS7_SET_CIPHER 108
#define PKCS7_F_PKCS7_SET_CONTENT 109
#define PKCS7_F_PKCS7_SET_TYPE 110
+#define PKCS7_F_PKCS7_SIGN 116
#define PKCS7_F_PKCS7_SIGNATUREVERIFY 113
+#define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119
+#define PKCS7_F_PKCS7_VERIFY 117
+#define PKCS7_F_SMIME_READ_PKCS7 122
+#define PKCS7_F_SMIME_TEXT 123
/* Reason codes. */
+#define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117
#define PKCS7_R_CIPHER_NOT_INITIALIZED 116
+#define PKCS7_R_CONTENT_AND_DATA_PRESENT 118
+#define PKCS7_R_DECODE_ERROR 130
#define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100
+#define PKCS7_R_DECRYPT_ERROR 119
#define PKCS7_R_DIGEST_FAILURE 101
+#define PKCS7_R_ERROR_ADDING_RECIPIENT 120
+#define PKCS7_R_ERROR_SETTING_CIPHER 121
#define PKCS7_R_INTERNAL_ERROR 102
+#define PKCS7_R_INVALID_MIME_TYPE 131
+#define PKCS7_R_MIME_NO_CONTENT_TYPE 132
+#define PKCS7_R_MIME_PARSE_ERROR 133
+#define PKCS7_R_MIME_SIG_PARSE_ERROR 134
#define PKCS7_R_MISSING_CERIPEND_INFO 103
+#define PKCS7_R_NO_CONTENT 122
+#define PKCS7_R_NO_CONTENT_TYPE 135
+#define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136
+#define PKCS7_R_NO_MULTIPART_BOUNDARY 137
#define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115
+#define PKCS7_R_NO_SIGNATURES_ON_DATA 123
+#define PKCS7_R_NO_SIG_CONTENT_TYPE 138
#define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104
+#define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124
+#define PKCS7_R_PKCS7_DATAFINAL_ERROR 125
+#define PKCS7_R_PKCS7_DATASIGN 126
+#define PKCS7_R_PKCS7_PARSE_ERROR 139
+#define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140
+#define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127
#define PKCS7_R_SIGNATURE_FAILURE 105
+#define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128
+#define PKCS7_R_SIG_INVALID_MIME_TYPE 141
+#define PKCS7_R_SMIME_TEXT_ERROR 129
#define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106
#define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107
#define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108
diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
index 82be3c2..a6c1ce9 100644
--- a/crypto/pkcs7/pkcs7err.c
+++ b/crypto/pkcs7/pkcs7err.c
@@ -65,6 +65,9 @@
#ifndef NO_ERR
static ERR_STRING_DATA PKCS7_str_functs[]=
{
+{ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"},
+{ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"},
{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"},
{ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"},
{ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"},
@@ -74,23 +77,55 @@
{ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"},
{ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"},
{ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"},
+{ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"},
{ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"},
{ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"},
{ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"},
{ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"},
+{ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"},
+{ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"},
+{ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"},
+{ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"},
{0,NULL}
};
static ERR_STRING_DATA PKCS7_str_reasons[]=
{
+{PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"},
{PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"},
+{PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"},
+{PKCS7_R_DECODE_ERROR ,"decode error"},
{PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"},
+{PKCS7_R_DECRYPT_ERROR ,"decrypt error"},
{PKCS7_R_DIGEST_FAILURE ,"digest failure"},
+{PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"},
+{PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"},
{PKCS7_R_INTERNAL_ERROR ,"internal error"},
+{PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"},
+{PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"},
+{PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"},
+{PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"},
{PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"},
+{PKCS7_R_NO_CONTENT ,"no content"},
+{PKCS7_R_NO_CONTENT_TYPE ,"no content type"},
+{PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"},
+{PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"},
{PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"},
+{PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"},
+{PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"},
{PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"},
+{PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"},
+{PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"},
+{PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"},
+{PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"},
+{PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"},
+{PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"},
{PKCS7_R_SIGNATURE_FAILURE ,"signature failure"},
+{PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"},
+{PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"},
+{PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"},
{PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"},
{PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"},
{PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"},
