summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1
diff options
context:
space:
mode:
authordjm <>2008-09-06 12:15:56 +0000
committerdjm <>2008-09-06 12:15:56 +0000
commit12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (patch)
treeb7a1f167ae5aeff4cfd8a18b598b68fe98a066fd /src/lib/libcrypto/asn1
parentf519f07de9bfb123f2b32aa3965e6f73c8364b80 (diff)
parent5a3c0a05c7f2c5d3c584b7c8d6aec836dd724c80 (diff)
downloadopenbsd-12867252827c8efaa8ddd1fa3b3d6e321e2bcdef.tar.gz
openbsd-12867252827c8efaa8ddd1fa3b3d6e321e2bcdef.tar.bz2
openbsd-12867252827c8efaa8ddd1fa3b3d6e321e2bcdef.zip
This commit was generated by cvs2git to track changes on a CVS vendor
branch.
Diffstat (limited to 'src/lib/libcrypto/asn1')
-rw-r--r--src/lib/libcrypto/asn1/asn1_gen.c848
-rw-r--r--src/lib/libcrypto/asn1/asn_mime.c874
2 files changed, 1722 insertions, 0 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
new file mode 100644
index 0000000000..26c832781e
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_gen.c
@@ -0,0 +1,848 @@
1/* asn1_gen.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2002.
4 */
5/* ====================================================================
6 * Copyright (c) 2002 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include "cryptlib.h"
60#include <openssl/asn1.h>
61#include <openssl/x509v3.h>
62
63#define ASN1_GEN_FLAG 0x10000
64#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
65#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
66#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
67#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
68#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
69#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
70#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
71#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
72
73#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
74
75#define ASN1_FLAG_EXP_MAX 20
76
77/* Input formats */
78
79/* ASCII: default */
80#define ASN1_GEN_FORMAT_ASCII 1
81/* UTF8 */
82#define ASN1_GEN_FORMAT_UTF8 2
83/* Hex */
84#define ASN1_GEN_FORMAT_HEX 3
85/* List of bits */
86#define ASN1_GEN_FORMAT_BITLIST 4
87
88
89struct tag_name_st
90 {
91 const char *strnam;
92 int len;
93 int tag;
94 };
95
96typedef struct
97 {
98 int exp_tag;
99 int exp_class;
100 int exp_constructed;
101 int exp_pad;
102 long exp_len;
103 } tag_exp_type;
104
105typedef struct
106 {
107 int imp_tag;
108 int imp_class;
109 int utype;
110 int format;
111 const char *str;
112 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
113 int exp_count;
114 } tag_exp_arg;
115
116static int bitstr_cb(const char *elem, int len, void *bitstr);
117static int asn1_cb(const char *elem, int len, void *bitstr);
118static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
119static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
120static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
121static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
122static int asn1_str2tag(const char *tagstr, int len);
123
124ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
125 {
126 X509V3_CTX cnf;
127
128 if (!nconf)
129 return ASN1_generate_v3(str, NULL);
130
131 X509V3_set_nconf(&cnf, nconf);
132 return ASN1_generate_v3(str, &cnf);
133 }
134
135ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
136 {
137 ASN1_TYPE *ret;
138 tag_exp_arg asn1_tags;
139 tag_exp_type *etmp;
140
141 int i, len;
142
143 unsigned char *orig_der = NULL, *new_der = NULL;
144 const unsigned char *cpy_start;
145 unsigned char *p;
146 const unsigned char *cp;
147 int cpy_len;
148 long hdr_len;
149 int hdr_constructed = 0, hdr_tag, hdr_class;
150 int r;
151
152 asn1_tags.imp_tag = -1;
153 asn1_tags.imp_class = -1;
154 asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
155 asn1_tags.exp_count = 0;
156 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
157 return NULL;
158
159 if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
160 {
161 if (!cnf)
162 {
163 ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
164 return NULL;
165 }
166 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
167 }
168 else
169 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
170
171 if (!ret)
172 return NULL;
173
174 /* If no tagging return base type */
175 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
176 return ret;
177
178 /* Generate the encoding */
179 cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
180 ASN1_TYPE_free(ret);
181 ret = NULL;
182 /* Set point to start copying for modified encoding */
183 cpy_start = orig_der;
184
185 /* Do we need IMPLICIT tagging? */
186 if (asn1_tags.imp_tag != -1)
187 {
188 /* If IMPLICIT we will replace the underlying tag */
189 /* Skip existing tag+len */
190 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
191 if (r & 0x80)
192 goto err;
193 /* Update copy length */
194 cpy_len -= cpy_start - orig_der;
195 /* For IMPLICIT tagging the length should match the
196 * original length and constructed flag should be
197 * consistent.
198 */
199 if (r & 0x1)
200 {
201 /* Indefinite length constructed */
202 hdr_constructed = 2;
203 hdr_len = 0;
204 }
205 else
206 /* Just retain constructed flag */
207 hdr_constructed = r & V_ASN1_CONSTRUCTED;
208 /* Work out new length with IMPLICIT tag: ignore constructed
209 * because it will mess up if indefinite length
210 */
211 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
212 }
213 else
214 len = cpy_len;
215
216 /* Work out length in any EXPLICIT, starting from end */
217
218 for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
219 {
220 /* Content length: number of content octets + any padding */
221 len += etmp->exp_pad;
222 etmp->exp_len = len;
223 /* Total object length: length including new header */
224 len = ASN1_object_size(0, len, etmp->exp_tag);
225 }
226
227 /* Allocate buffer for new encoding */
228
229 new_der = OPENSSL_malloc(len);
230
231 /* Generate tagged encoding */
232
233 p = new_der;
234
235 /* Output explicit tags first */
236
237 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
238 {
239 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
240 etmp->exp_tag, etmp->exp_class);
241 if (etmp->exp_pad)
242 *p++ = 0;
243 }
244
245 /* If IMPLICIT, output tag */
246
247 if (asn1_tags.imp_tag != -1)
248 ASN1_put_object(&p, hdr_constructed, hdr_len,
249 asn1_tags.imp_tag, asn1_tags.imp_class);
250
251 /* Copy across original encoding */
252 memcpy(p, cpy_start, cpy_len);
253
254 cp = new_der;
255
256 /* Obtain new ASN1_TYPE structure */
257 ret = d2i_ASN1_TYPE(NULL, &cp, len);
258
259 err:
260 if (orig_der)
261 OPENSSL_free(orig_der);
262 if (new_der)
263 OPENSSL_free(new_der);
264
265 return ret;
266
267 }
268
269static int asn1_cb(const char *elem, int len, void *bitstr)
270 {
271 tag_exp_arg *arg = bitstr;
272 int i;
273 int utype;
274 int vlen = 0;
275 const char *p, *vstart = NULL;
276
277 int tmp_tag, tmp_class;
278
279 for(i = 0, p = elem; i < len; p++, i++)
280 {
281 /* Look for the ':' in name value pairs */
282 if (*p == ':')
283 {
284 vstart = p + 1;
285 vlen = len - (vstart - elem);
286 len = p - elem;
287 break;
288 }
289 }
290
291 utype = asn1_str2tag(elem, len);
292
293 if (utype == -1)
294 {
295 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
296 ERR_add_error_data(2, "tag=", elem);
297 return -1;
298 }
299
300 /* If this is not a modifier mark end of string and exit */
301 if (!(utype & ASN1_GEN_FLAG))
302 {
303 arg->utype = utype;
304 arg->str = vstart;
305 /* If no value and not end of string, error */
306 if (!vstart && elem[len])
307 {
308 ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
309 return -1;
310 }
311 return 0;
312 }
313
314 switch(utype)
315 {
316
317 case ASN1_GEN_FLAG_IMP:
318 /* Check for illegal multiple IMPLICIT tagging */
319 if (arg->imp_tag != -1)
320 {
321 ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
322 return -1;
323 }
324 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
325 return -1;
326 break;
327
328 case ASN1_GEN_FLAG_EXP:
329
330 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
331 return -1;
332 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
333 return -1;
334 break;
335
336 case ASN1_GEN_FLAG_SEQWRAP:
337 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
338 return -1;
339 break;
340
341 case ASN1_GEN_FLAG_SETWRAP:
342 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
343 return -1;
344 break;
345
346 case ASN1_GEN_FLAG_BITWRAP:
347 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
348 return -1;
349 break;
350
351 case ASN1_GEN_FLAG_OCTWRAP:
352 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
353 return -1;
354 break;
355
356 case ASN1_GEN_FLAG_FORMAT:
357 if (!strncmp(vstart, "ASCII", 5))
358 arg->format = ASN1_GEN_FORMAT_ASCII;
359 else if (!strncmp(vstart, "UTF8", 4))
360 arg->format = ASN1_GEN_FORMAT_UTF8;
361 else if (!strncmp(vstart, "HEX", 3))
362 arg->format = ASN1_GEN_FORMAT_HEX;
363 else if (!strncmp(vstart, "BITLIST", 3))
364 arg->format = ASN1_GEN_FORMAT_BITLIST;
365 else
366 {
367 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
368 return -1;
369 }
370 break;
371
372 }
373
374 return 1;
375
376 }
377
378static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
379 {
380 char erch[2];
381 long tag_num;
382 char *eptr;
383 if (!vstart)
384 return 0;
385 tag_num = strtoul(vstart, &eptr, 10);
386 /* Check we haven't gone past max length: should be impossible */
387 if (eptr && *eptr && (eptr > vstart + vlen))
388 return 0;
389 if (tag_num < 0)
390 {
391 ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
392 return 0;
393 }
394 *ptag = tag_num;
395 /* If we have non numeric characters, parse them */
396 if (eptr)
397 vlen -= eptr - vstart;
398 else
399 vlen = 0;
400 if (vlen)
401 {
402 switch (*eptr)
403 {
404
405 case 'U':
406 *pclass = V_ASN1_UNIVERSAL;
407 break;
408
409 case 'A':
410 *pclass = V_ASN1_APPLICATION;
411 break;
412
413 case 'P':
414 *pclass = V_ASN1_PRIVATE;
415 break;
416
417 case 'C':
418 *pclass = V_ASN1_CONTEXT_SPECIFIC;
419 break;
420
421 default:
422 erch[0] = *eptr;
423 erch[1] = 0;
424 ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
425 ERR_add_error_data(2, "Char=", erch);
426 return 0;
427 break;
428
429 }
430 }
431 else
432 *pclass = V_ASN1_CONTEXT_SPECIFIC;
433
434 return 1;
435
436 }
437
438/* Handle multiple types: SET and SEQUENCE */
439
440static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
441 {
442 ASN1_TYPE *ret = NULL, *typ = NULL;
443 STACK_OF(ASN1_TYPE) *sk = NULL;
444 STACK_OF(CONF_VALUE) *sect = NULL;
445 unsigned char *der = NULL, *p;
446 int derlen;
447 int i, is_set;
448 sk = sk_ASN1_TYPE_new_null();
449 if (section)
450 {
451 if (!cnf)
452 goto bad;
453 sect = X509V3_get_section(cnf, (char *)section);
454 if (!sect)
455 goto bad;
456 for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
457 {
458 typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
459 if (!typ)
460 goto bad;
461 sk_ASN1_TYPE_push(sk, typ);
462 typ = NULL;
463 }
464 }
465
466 /* Now we has a STACK of the components, convert to the correct form */
467
468 if (utype == V_ASN1_SET)
469 is_set = 1;
470 else
471 is_set = 0;
472
473
474 derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
475 V_ASN1_UNIVERSAL, is_set);
476 der = OPENSSL_malloc(derlen);
477 p = der;
478 i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
479 V_ASN1_UNIVERSAL, is_set);
480
481 if (!(ret = ASN1_TYPE_new()))
482 goto bad;
483
484 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
485 goto bad;
486
487 ret->type = utype;
488
489 ret->value.asn1_string->data = der;
490 ret->value.asn1_string->length = derlen;
491
492 der = NULL;
493
494 bad:
495
496 if (der)
497 OPENSSL_free(der);
498
499 if (sk)
500 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
501 if (typ)
502 ASN1_TYPE_free(typ);
503 if (sect)
504 X509V3_section_free(cnf, sect);
505
506 return ret;
507 }
508
509static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
510 {
511 tag_exp_type *exp_tmp;
512 /* Can only have IMPLICIT if permitted */
513 if ((arg->imp_tag != -1) && !imp_ok)
514 {
515 ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
516 return 0;
517 }
518
519 if (arg->exp_count == ASN1_FLAG_EXP_MAX)
520 {
521 ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
522 return 0;
523 }
524
525 exp_tmp = &arg->exp_list[arg->exp_count++];
526
527 /* If IMPLICIT set tag to implicit value then
528 * reset implicit tag since it has been used.
529 */
530 if (arg->imp_tag != -1)
531 {
532 exp_tmp->exp_tag = arg->imp_tag;
533 exp_tmp->exp_class = arg->imp_class;
534 arg->imp_tag = -1;
535 arg->imp_class = -1;
536 }
537 else
538 {
539 exp_tmp->exp_tag = exp_tag;
540 exp_tmp->exp_class = exp_class;
541 }
542 exp_tmp->exp_constructed = exp_constructed;
543 exp_tmp->exp_pad = exp_pad;
544
545 return 1;
546 }
547
548
549static int asn1_str2tag(const char *tagstr, int len)
550 {
551 unsigned int i;
552 static struct tag_name_st *tntmp, tnst [] = {
553 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
554 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
555 ASN1_GEN_STR("NULL", V_ASN1_NULL),
556 ASN1_GEN_STR("INT", V_ASN1_INTEGER),
557 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
558 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
559 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
560 ASN1_GEN_STR("OID", V_ASN1_OBJECT),
561 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
562 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
563 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
564 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
565 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
566 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
567 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
568 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
569 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
570 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
571 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
572 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
573 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
574 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
575 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
576 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
577 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
578 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
579 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
580 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
581 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
582 ASN1_GEN_STR("T61", V_ASN1_T61STRING),
583 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
584 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
585 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
586 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
587
588 /* Special cases */
589 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
590 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
591 ASN1_GEN_STR("SET", V_ASN1_SET),
592 /* type modifiers */
593 /* Explicit tag */
594 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
595 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
596 /* Implicit tag */
597 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
598 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
599 /* OCTET STRING wrapper */
600 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
601 /* SEQUENCE wrapper */
602 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
603 /* SET wrapper */
604 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
605 /* BIT STRING wrapper */
606 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
607 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
608 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
609 };
610
611 if (len == -1)
612 len = strlen(tagstr);
613
614 tntmp = tnst;
615 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
616 {
617 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
618 return tntmp->tag;
619 }
620
621 return -1;
622 }
623
624static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
625 {
626 ASN1_TYPE *atmp = NULL;
627
628 CONF_VALUE vtmp;
629
630 unsigned char *rdata;
631 long rdlen;
632
633 int no_unused = 1;
634
635 if (!(atmp = ASN1_TYPE_new()))
636 {
637 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
638 return NULL;
639 }
640
641 if (!str)
642 str = "";
643
644 switch(utype)
645 {
646
647 case V_ASN1_NULL:
648 if (str && *str)
649 {
650 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
651 goto bad_form;
652 }
653 break;
654
655 case V_ASN1_BOOLEAN:
656 if (format != ASN1_GEN_FORMAT_ASCII)
657 {
658 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
659 goto bad_form;
660 }
661 vtmp.name = NULL;
662 vtmp.section = NULL;
663 vtmp.value = (char *)str;
664 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
665 {
666 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
667 goto bad_str;
668 }
669 break;
670
671 case V_ASN1_INTEGER:
672 case V_ASN1_ENUMERATED:
673 if (format != ASN1_GEN_FORMAT_ASCII)
674 {
675 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
676 goto bad_form;
677 }
678 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
679 {
680 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
681 goto bad_str;
682 }
683 break;
684
685 case V_ASN1_OBJECT:
686 if (format != ASN1_GEN_FORMAT_ASCII)
687 {
688 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
689 goto bad_form;
690 }
691 if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
692 {
693 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
694 goto bad_str;
695 }
696 break;
697
698 case V_ASN1_UTCTIME:
699 case V_ASN1_GENERALIZEDTIME:
700 if (format != ASN1_GEN_FORMAT_ASCII)
701 {
702 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
703 goto bad_form;
704 }
705 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
706 {
707 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
708 goto bad_str;
709 }
710 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
711 {
712 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
713 goto bad_str;
714 }
715 atmp->value.asn1_string->type = utype;
716 if (!ASN1_TIME_check(atmp->value.asn1_string))
717 {
718 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
719 goto bad_str;
720 }
721
722 break;
723
724 case V_ASN1_BMPSTRING:
725 case V_ASN1_PRINTABLESTRING:
726 case V_ASN1_IA5STRING:
727 case V_ASN1_T61STRING:
728 case V_ASN1_UTF8STRING:
729 case V_ASN1_VISIBLESTRING:
730 case V_ASN1_UNIVERSALSTRING:
731 case V_ASN1_GENERALSTRING:
732
733 if (format == ASN1_GEN_FORMAT_ASCII)
734 format = MBSTRING_ASC;
735 else if (format == ASN1_GEN_FORMAT_UTF8)
736 format = MBSTRING_UTF8;
737 else
738 {
739 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
740 goto bad_form;
741 }
742
743
744 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
745 -1, format, ASN1_tag2bit(utype)) <= 0)
746 {
747 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
748 goto bad_str;
749 }
750
751
752 break;
753
754 case V_ASN1_BIT_STRING:
755
756 case V_ASN1_OCTET_STRING:
757
758 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
759 {
760 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
761 goto bad_form;
762 }
763
764 if (format == ASN1_GEN_FORMAT_HEX)
765 {
766
767 if (!(rdata = string_to_hex((char *)str, &rdlen)))
768 {
769 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
770 goto bad_str;
771 }
772
773 atmp->value.asn1_string->data = rdata;
774 atmp->value.asn1_string->length = rdlen;
775 atmp->value.asn1_string->type = utype;
776
777 }
778 else if (format == ASN1_GEN_FORMAT_ASCII)
779 ASN1_STRING_set(atmp->value.asn1_string, str, -1);
780 else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
781 {
782 if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
783 {
784 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
785 goto bad_str;
786 }
787 no_unused = 0;
788
789 }
790 else
791 {
792 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
793 goto bad_form;
794 }
795
796 if ((utype == V_ASN1_BIT_STRING) && no_unused)
797 {
798 atmp->value.asn1_string->flags
799 &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
800 atmp->value.asn1_string->flags
801 |= ASN1_STRING_FLAG_BITS_LEFT;
802 }
803
804
805 break;
806
807 default:
808 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
809 goto bad_str;
810 break;
811 }
812
813
814 atmp->type = utype;
815 return atmp;
816
817
818 bad_str:
819 ERR_add_error_data(2, "string=", str);
820 bad_form:
821
822 ASN1_TYPE_free(atmp);
823 return NULL;
824
825 }
826
827static int bitstr_cb(const char *elem, int len, void *bitstr)
828 {
829 long bitnum;
830 char *eptr;
831 if (!elem)
832 return 0;
833 bitnum = strtoul(elem, &eptr, 10);
834 if (eptr && *eptr && (eptr != elem + len))
835 return 0;
836 if (bitnum < 0)
837 {
838 ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
839 return 0;
840 }
841 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
842 {
843 ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
844 return 0;
845 }
846 return 1;
847 }
848
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c
new file mode 100644
index 0000000000..fe7c4ec7ab
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn_mime.c
@@ -0,0 +1,874 @@
1/* asn_mime.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 */
54
55#include <stdio.h>
56#include <ctype.h>
57#include "cryptlib.h"
58#include <openssl/rand.h>
59#include <openssl/x509.h>
60#include <openssl/asn1.h>
61#include <openssl/asn1t.h>
62
63/* Generalised MIME like utilities for streaming ASN1. Although many
64 * have a PKCS7/CMS like flavour others are more general purpose.
65 */
66
67/* MIME format structures
68 * Note that all are translated to lower case apart from
69 * parameter values. Quotes are stripped off
70 */
71
72typedef struct {
73char *param_name; /* Param name e.g. "micalg" */
74char *param_value; /* Param value e.g. "sha1" */
75} MIME_PARAM;
76
77DECLARE_STACK_OF(MIME_PARAM)
78IMPLEMENT_STACK_OF(MIME_PARAM)
79
80typedef struct {
81char *name; /* Name of line e.g. "content-type" */
82char *value; /* Value of line e.g. "text/plain" */
83STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
84} MIME_HEADER;
85
86DECLARE_STACK_OF(MIME_HEADER)
87IMPLEMENT_STACK_OF(MIME_HEADER)
88
89static char * strip_ends(char *name);
90static char * strip_start(char *name);
91static char * strip_end(char *name);
92static MIME_HEADER *mime_hdr_new(char *name, char *value);
93static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
94static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
95static int mime_hdr_cmp(const MIME_HEADER * const *a,
96 const MIME_HEADER * const *b);
97static int mime_param_cmp(const MIME_PARAM * const *a,
98 const MIME_PARAM * const *b);
99static void mime_param_free(MIME_PARAM *param);
100static int mime_bound_check(char *line, int linelen, char *bound, int blen);
101static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
102static int strip_eol(char *linebuf, int *plen);
103static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
104static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
105static void mime_hdr_free(MIME_HEADER *hdr);
106
107#define MAX_SMLEN 1024
108#define mime_debug(x) /* x */
109
110/* Base 64 read and write of ASN1 structure */
111
112static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
113 const ASN1_ITEM *it)
114 {
115 BIO *b64;
116 int r;
117 b64 = BIO_new(BIO_f_base64());
118 if(!b64)
119 {
120 ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
121 return 0;
122 }
123 /* prepend the b64 BIO so all data is base64 encoded.
124 */
125 out = BIO_push(b64, out);
126 r = ASN1_item_i2d_bio(it, out, val);
127 (void)BIO_flush(out);
128 BIO_pop(out);
129 BIO_free(b64);
130 return r;
131 }
132
133static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
134{
135 BIO *b64;
136 ASN1_VALUE *val;
137 if(!(b64 = BIO_new(BIO_f_base64()))) {
138 ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
139 return 0;
140 }
141 bio = BIO_push(b64, bio);
142 val = ASN1_item_d2i_bio(it, bio, NULL);
143 if(!val)
144 ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
145 (void)BIO_flush(bio);
146 bio = BIO_pop(bio);
147 BIO_free(b64);
148 return val;
149}
150
151/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
152
153static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
154 {
155 const EVP_MD *md;
156 int i, have_unknown = 0, write_comma, md_nid;
157 have_unknown = 0;
158 write_comma = 0;
159 for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
160 {
161 if (write_comma)
162 BIO_write(out, ",", 1);
163 write_comma = 1;
164 md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
165 md = EVP_get_digestbynid(md_nid);
166 switch(md_nid)
167 {
168 case NID_sha1:
169 BIO_puts(out, "sha1");
170 break;
171
172 case NID_md5:
173 BIO_puts(out, "md5");
174 break;
175
176 case NID_sha256:
177 BIO_puts(out, "sha-256");
178 break;
179
180 case NID_sha384:
181 BIO_puts(out, "sha-384");
182 break;
183
184 case NID_sha512:
185 BIO_puts(out, "sha-512");
186 break;
187
188 default:
189 if (have_unknown)
190 write_comma = 0;
191 else
192 {
193 BIO_puts(out, "unknown");
194 have_unknown = 1;
195 }
196 break;
197
198 }
199 }
200
201 return 1;
202
203 }
204
205/* SMIME sender */
206
207int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
208 int ctype_nid, int econt_nid,
209 STACK_OF(X509_ALGOR) *mdalgs,
210 asn1_output_data_fn *data_fn,
211 const ASN1_ITEM *it)
212{
213 char bound[33], c;
214 int i;
215 const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
216 const char *msg_type=NULL;
217 if (flags & SMIME_OLDMIME)
218 mime_prefix = "application/x-pkcs7-";
219 else
220 mime_prefix = "application/pkcs7-";
221
222 if (flags & SMIME_CRLFEOL)
223 mime_eol = "\r\n";
224 else
225 mime_eol = "\n";
226 if((flags & SMIME_DETACHED) && data) {
227 /* We want multipart/signed */
228 /* Generate a random boundary */
229 RAND_pseudo_bytes((unsigned char *)bound, 32);
230 for(i = 0; i < 32; i++) {
231 c = bound[i] & 0xf;
232 if(c < 10) c += '0';
233 else c += 'A' - 10;
234 bound[i] = c;
235 }
236 bound[32] = 0;
237 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
238 BIO_printf(bio, "Content-Type: multipart/signed;");
239 BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
240 BIO_puts(bio, " micalg=\"");
241 asn1_write_micalg(bio, mdalgs);
242 BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
243 bound, mime_eol, mime_eol);
244 BIO_printf(bio, "This is an S/MIME signed message%s%s",
245 mime_eol, mime_eol);
246 /* Now write out the first part */
247 BIO_printf(bio, "------%s%s", bound, mime_eol);
248 if (!data_fn(bio, data, val, flags, it))
249 return 0;
250 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
251
252 /* Headers for signature */
253
254 BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
255 BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
256 BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
257 mime_eol);
258 BIO_printf(bio, "Content-Disposition: attachment;");
259 BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
260 mime_eol, mime_eol);
261 B64_write_ASN1(bio, val, NULL, 0, it);
262 BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
263 mime_eol, mime_eol);
264 return 1;
265 }
266
267 /* Determine smime-type header */
268
269 if (ctype_nid == NID_pkcs7_enveloped)
270 msg_type = "enveloped-data";
271 else if (ctype_nid == NID_pkcs7_signed)
272 {
273 if (econt_nid == NID_id_smime_ct_receipt)
274 msg_type = "signed-receipt";
275 else if (sk_X509_ALGOR_num(mdalgs) >= 0)
276 msg_type = "signed-data";
277 else
278 msg_type = "certs-only";
279 }
280 else if (ctype_nid == NID_id_smime_ct_compressedData)
281 {
282 msg_type = "compressed-data";
283 cname = "smime.p7z";
284 }
285 /* MIME headers */
286 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
287 BIO_printf(bio, "Content-Disposition: attachment;");
288 BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
289 BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
290 if (msg_type)
291 BIO_printf(bio, " smime-type=%s;", msg_type);
292 BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
293 BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
294 mime_eol, mime_eol);
295 if (!B64_write_ASN1(bio, val, data, flags, it))
296 return 0;
297 BIO_printf(bio, "%s", mime_eol);
298 return 1;
299}
300
301#if 0
302
303/* Handle output of ASN1 data */
304
305
306static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
307 const ASN1_ITEM *it)
308 {
309 BIO *tmpbio;
310 const ASN1_AUX *aux = it->funcs;
311 ASN1_STREAM_ARG sarg;
312
313 if (!(flags & SMIME_DETACHED))
314 {
315 SMIME_crlf_copy(data, out, flags);
316 return 1;
317 }
318
319 if (!aux || !aux->asn1_cb)
320 {
321 ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
322 ASN1_R_STREAMING_NOT_SUPPORTED);
323 return 0;
324 }
325
326 sarg.out = out;
327 sarg.ndef_bio = NULL;
328 sarg.boundary = NULL;
329
330 /* Let ASN1 code prepend any needed BIOs */
331
332 if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
333 return 0;
334
335 /* Copy data across, passing through filter BIOs for processing */
336 SMIME_crlf_copy(data, sarg.ndef_bio, flags);
337
338 /* Finalize structure */
339 if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
340 return 0;
341
342 /* Now remove any digests prepended to the BIO */
343
344 while (sarg.ndef_bio != out)
345 {
346 tmpbio = BIO_pop(sarg.ndef_bio);
347 BIO_free(sarg.ndef_bio);
348 sarg.ndef_bio = tmpbio;
349 }
350
351 return 1;
352
353 }
354
355#endif
356
357/* SMIME reader: handle multipart/signed and opaque signing.
358 * in multipart case the content is placed in a memory BIO
359 * pointed to by "bcont". In opaque this is set to NULL
360 */
361
362ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
363{
364 BIO *asnin;
365 STACK_OF(MIME_HEADER) *headers = NULL;
366 STACK_OF(BIO) *parts = NULL;
367 MIME_HEADER *hdr;
368 MIME_PARAM *prm;
369 ASN1_VALUE *val;
370 int ret;
371
372 if(bcont) *bcont = NULL;
373
374 if (!(headers = mime_parse_hdr(bio))) {
375 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
376 return NULL;
377 }
378
379 if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
380 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
381 ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
382 return NULL;
383 }
384
385 /* Handle multipart/signed */
386
387 if(!strcmp(hdr->value, "multipart/signed")) {
388 /* Split into two parts */
389 prm = mime_param_find(hdr, "boundary");
390 if(!prm || !prm->param_value) {
391 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
392 ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
393 return NULL;
394 }
395 ret = multi_split(bio, prm->param_value, &parts);
396 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
397 if(!ret || (sk_BIO_num(parts) != 2) ) {
398 ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
399 sk_BIO_pop_free(parts, BIO_vfree);
400 return NULL;
401 }
402
403 /* Parse the signature piece */
404 asnin = sk_BIO_value(parts, 1);
405
406 if (!(headers = mime_parse_hdr(asnin))) {
407 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
408 sk_BIO_pop_free(parts, BIO_vfree);
409 return NULL;
410 }
411
412 /* Get content type */
413
414 if(!(hdr = mime_hdr_find(headers, "content-type")) ||
415 !hdr->value) {
416 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
417 ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
418 return NULL;
419 }
420
421 if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
422 strcmp(hdr->value, "application/pkcs7-signature")) {
423 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
424 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
425 ERR_add_error_data(2, "type: ", hdr->value);
426 sk_BIO_pop_free(parts, BIO_vfree);
427 return NULL;
428 }
429 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
430 /* Read in ASN1 */
431 if(!(val = b64_read_asn1(asnin, it))) {
432 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
433 sk_BIO_pop_free(parts, BIO_vfree);
434 return NULL;
435 }
436
437 if(bcont) {
438 *bcont = sk_BIO_value(parts, 0);
439 BIO_free(asnin);
440 sk_BIO_free(parts);
441 } else sk_BIO_pop_free(parts, BIO_vfree);
442 return val;
443 }
444
445 /* OK, if not multipart/signed try opaque signature */
446
447 if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
448 strcmp (hdr->value, "application/pkcs7-mime")) {
449 ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
450 ERR_add_error_data(2, "type: ", hdr->value);
451 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
452 return NULL;
453 }
454
455 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
456
457 if(!(val = b64_read_asn1(bio, it))) {
458 ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
459 return NULL;
460 }
461 return val;
462
463}
464
465/* Copy text from one BIO to another making the output CRLF at EOL */
466int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
467{
468 BIO *bf;
469 char eol;
470 int len;
471 char linebuf[MAX_SMLEN];
472 /* Buffer output so we don't write one line at a time. This is
473 * useful when streaming as we don't end up with one OCTET STRING
474 * per line.
475 */
476 bf = BIO_new(BIO_f_buffer());
477 if (!bf)
478 return 0;
479 out = BIO_push(bf, out);
480 if(flags & SMIME_BINARY)
481 {
482 while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
483 BIO_write(out, linebuf, len);
484 }
485 else
486 {
487 if(flags & SMIME_TEXT)
488 BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
489 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
490 {
491 eol = strip_eol(linebuf, &len);
492 if (len)
493 BIO_write(out, linebuf, len);
494 if(eol) BIO_write(out, "\r\n", 2);
495 }
496 }
497 (void)BIO_flush(out);
498 BIO_pop(out);
499 BIO_free(bf);
500 return 1;
501}
502
503/* Strip off headers if they are text/plain */
504int SMIME_text(BIO *in, BIO *out)
505{
506 char iobuf[4096];
507 int len;
508 STACK_OF(MIME_HEADER) *headers;
509 MIME_HEADER *hdr;
510
511 if (!(headers = mime_parse_hdr(in))) {
512 ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
513 return 0;
514 }
515 if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
516 ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
517 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
518 return 0;
519 }
520 if (strcmp (hdr->value, "text/plain")) {
521 ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
522 ERR_add_error_data(2, "type: ", hdr->value);
523 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
524 return 0;
525 }
526 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
527 while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
528 BIO_write(out, iobuf, len);
529 return 1;
530}
531
532/* Split a multipart/XXX message body into component parts: result is
533 * canonical parts in a STACK of bios
534 */
535
536static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
537{
538 char linebuf[MAX_SMLEN];
539 int len, blen;
540 int eol = 0, next_eol = 0;
541 BIO *bpart = NULL;
542 STACK_OF(BIO) *parts;
543 char state, part, first;
544
545 blen = strlen(bound);
546 part = 0;
547 state = 0;
548 first = 1;
549 parts = sk_BIO_new_null();
550 *ret = parts;
551 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
552 state = mime_bound_check(linebuf, len, bound, blen);
553 if(state == 1) {
554 first = 1;
555 part++;
556 } else if(state == 2) {
557 sk_BIO_push(parts, bpart);
558 return 1;
559 } else if(part) {
560 /* Strip CR+LF from linebuf */
561 next_eol = strip_eol(linebuf, &len);
562 if(first) {
563 first = 0;
564 if(bpart) sk_BIO_push(parts, bpart);
565 bpart = BIO_new(BIO_s_mem());
566 BIO_set_mem_eof_return(bpart, 0);
567 } else if (eol)
568 BIO_write(bpart, "\r\n", 2);
569 eol = next_eol;
570 if (len)
571 BIO_write(bpart, linebuf, len);
572 }
573 }
574 return 0;
575}
576
577/* This is the big one: parse MIME header lines up to message body */
578
579#define MIME_INVALID 0
580#define MIME_START 1
581#define MIME_TYPE 2
582#define MIME_NAME 3
583#define MIME_VALUE 4
584#define MIME_QUOTE 5
585#define MIME_COMMENT 6
586
587
588static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
589{
590 char *p, *q, c;
591 char *ntmp;
592 char linebuf[MAX_SMLEN];
593 MIME_HEADER *mhdr = NULL;
594 STACK_OF(MIME_HEADER) *headers;
595 int len, state, save_state = 0;
596
597 headers = sk_MIME_HEADER_new(mime_hdr_cmp);
598 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
599 /* If whitespace at line start then continuation line */
600 if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
601 else state = MIME_START;
602 ntmp = NULL;
603 /* Go through all characters */
604 for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
605
606 /* State machine to handle MIME headers
607 * if this looks horrible that's because it *is*
608 */
609
610 switch(state) {
611 case MIME_START:
612 if(c == ':') {
613 state = MIME_TYPE;
614 *p = 0;
615 ntmp = strip_ends(q);
616 q = p + 1;
617 }
618 break;
619
620 case MIME_TYPE:
621 if(c == ';') {
622 mime_debug("Found End Value\n");
623 *p = 0;
624 mhdr = mime_hdr_new(ntmp, strip_ends(q));
625 sk_MIME_HEADER_push(headers, mhdr);
626 ntmp = NULL;
627 q = p + 1;
628 state = MIME_NAME;
629 } else if(c == '(') {
630 save_state = state;
631 state = MIME_COMMENT;
632 }
633 break;
634
635 case MIME_COMMENT:
636 if(c == ')') {
637 state = save_state;
638 }
639 break;
640
641 case MIME_NAME:
642 if(c == '=') {
643 state = MIME_VALUE;
644 *p = 0;
645 ntmp = strip_ends(q);
646 q = p + 1;
647 }
648 break ;
649
650 case MIME_VALUE:
651 if(c == ';') {
652 state = MIME_NAME;
653 *p = 0;
654 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
655 ntmp = NULL;
656 q = p + 1;
657 } else if (c == '"') {
658 mime_debug("Found Quote\n");
659 state = MIME_QUOTE;
660 } else if(c == '(') {
661 save_state = state;
662 state = MIME_COMMENT;
663 }
664 break;
665
666 case MIME_QUOTE:
667 if(c == '"') {
668 mime_debug("Found Match Quote\n");
669 state = MIME_VALUE;
670 }
671 break;
672 }
673 }
674
675 if(state == MIME_TYPE) {
676 mhdr = mime_hdr_new(ntmp, strip_ends(q));
677 sk_MIME_HEADER_push(headers, mhdr);
678 } else if(state == MIME_VALUE)
679 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
680 if(p == linebuf) break; /* Blank line means end of headers */
681}
682
683return headers;
684
685}
686
687static char *strip_ends(char *name)
688{
689 return strip_end(strip_start(name));
690}
691
692/* Strip a parameter of whitespace from start of param */
693static char *strip_start(char *name)
694{
695 char *p, c;
696 /* Look for first non white space or quote */
697 for(p = name; (c = *p) ;p++) {
698 if(c == '"') {
699 /* Next char is start of string if non null */
700 if(p[1]) return p + 1;
701 /* Else null string */
702 return NULL;
703 }
704 if(!isspace((unsigned char)c)) return p;
705 }
706 return NULL;
707}
708
709/* As above but strip from end of string : maybe should handle brackets? */
710static char *strip_end(char *name)
711{
712 char *p, c;
713 if(!name) return NULL;
714 /* Look for first non white space or quote */
715 for(p = name + strlen(name) - 1; p >= name ;p--) {
716 c = *p;
717 if(c == '"') {
718 if(p - 1 == name) return NULL;
719 *p = 0;
720 return name;
721 }
722 if(isspace((unsigned char)c)) *p = 0;
723 else return name;
724 }
725 return NULL;
726}
727
728static MIME_HEADER *mime_hdr_new(char *name, char *value)
729{
730 MIME_HEADER *mhdr;
731 char *tmpname, *tmpval, *p;
732 int c;
733 if(name) {
734 if(!(tmpname = BUF_strdup(name))) return NULL;
735 for(p = tmpname ; *p; p++) {
736 c = *p;
737 if(isupper(c)) {
738 c = tolower(c);
739 *p = c;
740 }
741 }
742 } else tmpname = NULL;
743 if(value) {
744 if(!(tmpval = BUF_strdup(value))) return NULL;
745 for(p = tmpval ; *p; p++) {
746 c = *p;
747 if(isupper(c)) {
748 c = tolower(c);
749 *p = c;
750 }
751 }
752 } else tmpval = NULL;
753 mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
754 if(!mhdr) return NULL;
755 mhdr->name = tmpname;
756 mhdr->value = tmpval;
757 if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
758 return mhdr;
759}
760
761static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
762{
763 char *tmpname, *tmpval, *p;
764 int c;
765 MIME_PARAM *mparam;
766 if(name) {
767 tmpname = BUF_strdup(name);
768 if(!tmpname) return 0;
769 for(p = tmpname ; *p; p++) {
770 c = *p;
771 if(isupper(c)) {
772 c = tolower(c);
773 *p = c;
774 }
775 }
776 } else tmpname = NULL;
777 if(value) {
778 tmpval = BUF_strdup(value);
779 if(!tmpval) return 0;
780 } else tmpval = NULL;
781 /* Parameter values are case sensitive so leave as is */
782 mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
783 if(!mparam) return 0;
784 mparam->param_name = tmpname;
785 mparam->param_value = tmpval;
786 sk_MIME_PARAM_push(mhdr->params, mparam);
787 return 1;
788}
789
790static int mime_hdr_cmp(const MIME_HEADER * const *a,
791 const MIME_HEADER * const *b)
792{
793 return(strcmp((*a)->name, (*b)->name));
794}
795
796static int mime_param_cmp(const MIME_PARAM * const *a,
797 const MIME_PARAM * const *b)
798{
799 return(strcmp((*a)->param_name, (*b)->param_name));
800}
801
802/* Find a header with a given name (if possible) */
803
804static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
805{
806 MIME_HEADER htmp;
807 int idx;
808 htmp.name = name;
809 idx = sk_MIME_HEADER_find(hdrs, &htmp);
810 if(idx < 0) return NULL;
811 return sk_MIME_HEADER_value(hdrs, idx);
812}
813
814static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
815{
816 MIME_PARAM param;
817 int idx;
818 param.param_name = name;
819 idx = sk_MIME_PARAM_find(hdr->params, &param);
820 if(idx < 0) return NULL;
821 return sk_MIME_PARAM_value(hdr->params, idx);
822}
823
824static void mime_hdr_free(MIME_HEADER *hdr)
825{
826 if(hdr->name) OPENSSL_free(hdr->name);
827 if(hdr->value) OPENSSL_free(hdr->value);
828 if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
829 OPENSSL_free(hdr);
830}
831
832static void mime_param_free(MIME_PARAM *param)
833{
834 if(param->param_name) OPENSSL_free(param->param_name);
835 if(param->param_value) OPENSSL_free(param->param_value);
836 OPENSSL_free(param);
837}
838
839/* Check for a multipart boundary. Returns:
840 * 0 : no boundary
841 * 1 : part boundary
842 * 2 : final boundary
843 */
844static int mime_bound_check(char *line, int linelen, char *bound, int blen)
845{
846 if(linelen == -1) linelen = strlen(line);
847 if(blen == -1) blen = strlen(bound);
848 /* Quickly eliminate if line length too short */
849 if(blen + 2 > linelen) return 0;
850 /* Check for part boundary */
851 if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
852 if(!strncmp(line + blen + 2, "--", 2)) return 2;
853 else return 1;
854 }
855 return 0;
856}
857
858static int strip_eol(char *linebuf, int *plen)
859 {
860 int len = *plen;
861 char *p, c;
862 int is_eol = 0;
863 p = linebuf + len - 1;
864 for (p = linebuf + len - 1; len > 0; len--, p--)
865 {
866 c = *p;
867 if (c == '\n')
868 is_eol = 1;
869 else if (c != '\r')
870 break;
871 }
872 *plen = len;
873 return is_eol;
874 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-07 08:46:27 +0000