authorcvs2svn <admin@example.com>2002-05-15 02:29:24 +0000
committercvs2svn <admin@example.com>2002-05-15 02:29:24 +0000
commit027351f729b9e837200dae6e1520cda6577ab930 (patch)
treee25a717057aa4529e433fc3b1fac8d4df8db3a5c /src/lib/libcrypto/pkcs7
parentaeeae06a79815dc190061534d47236cec09f9e32 (diff)
This commit was manufactured by cvs2git to create branch 'unlabeled-1.1.1'.
Diffstat (limited to 'src/lib/libcrypto/pkcs7')
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_asn1.c213
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_attr.c85
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_mime.c673
-rw-r--r--src/lib/libcrypto/pkcs7/pk7_smime.c427
4 files changed, 1398 insertions, 0 deletions
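diff --git a/src/lib/libcrypto/pkcs7/pk7_asn1.c b/src/lib/libcrypto/pkcs7/pk7_asn1.c
new file mode 100644
index 0000000000..46f0fc9375
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_asn1.c
@@ -0,0 +1,213 @@
+/* pk7_asn.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+ ADB_ENTRY(NID_pkcs7_data, ASN1_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING, 0)),
+ ADB_ENTRY(NID_pkcs7_signed, ASN1_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+ ADB_ENTRY(NID_pkcs7_enveloped, ASN1_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+ ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+ ADB_ENTRY(NID_pkcs7_digest, ASN1_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+ ADB_ENTRY(NID_pkcs7_encrypted, ASN1_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS7) = {
+ ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+ ASN1_ADB_OBJECT(PKCS7)
+}ASN1_SEQUENCE_END(PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_SEQUENCE(PKCS7_SIGNED) = {
+ ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+ ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+ ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if(operation == ASN1_OP_FREE_POST) {
+ PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+ EVP_PKEY_free(si->pkey);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+ /* NB this should be a SET OF but we use a SEQUENCE OF so the
+ * original order * is retained when the structure is reencoded.
+ * Since the attributes are implicitly tagged this will not affect
+ * the encoding.
+ */
+ ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+ ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_SEQUENCE(PKCS7_ENVELOPE) = {
+ ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+ ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+ ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+ if(operation == ASN1_OP_FREE_POST) {
+ PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+ X509_free(ri->cert);
+ }
+ return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_SEQUENCE(PKCS7_ENC_CONTENT) = {
+ ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+ ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+ ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+} ASN1_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+ ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+ ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_SEQUENCE(PKCS7_ENCRYPT) = {
+ ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_SEQUENCE(PKCS7_DIGEST) = {
+ ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+ ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+ ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+ ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/* When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/* When verifying attributes we need to use the received order. So
+ * we use SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+ V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)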
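Review bot: The `cert` member is declared with `ASN1_IMP_SEQUENCE_OF_OPT` in `PKCS7_SIGNED` but with `ASN1_IMP_SET_OF_OPT` in `PKCS7_SIGN_ENVELOPE`, and nothing in the file says whether the difference is deliberate. The comment above `auth_attr` in `PKCS7_SIGNER_INFO` explains that kind of substitution (received order is kept on re-encode, the implicit tag hides the change); if the same reasoning applies here, a one-line comment on `PKCS7_SIGNED.cert` such as `/* SEQUENCE OF so the received certificate order survives re-encoding */` would settle it, otherwise the two templates should agree. Separately, `si_cb` and `ri_cb` free `si->pkey` and `ri->cert`, fields that no template entry describes, so their header comments should say who sets those pointers and that the structure releases them on `ASN1_OP_FREE_POST`.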
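diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c
new file mode 100644
index 0000000000..3b9c0fe3f2
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_attr.c
@@ -0,0 +1,85 @@
+/* pk7_attr.c */
+/* S/MIME code.
+ * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com)
+ * All Rights Reserved.
+ * Redistribution of this code without the authors permission is expressly
+ * prohibited.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap)
+{
+ ASN1_STRING *seq;
+ unsigned char *p, *pp;
+ int len;
+ len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(pp=(unsigned char *)Malloc(len))) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ p=pp;
+ i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL, IS_SEQUENCE);
+ if(!(seq = ASN1_STRING_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_STRING_set (seq, pp, len)) {
+ PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ Free (pp);
+ return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+ V_ASN1_SEQUENCE, seq);
+}
+
+STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+ ASN1_TYPE *cap;
+ unsigned char *p;
+ cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+ if (!cap) return NULL;
+ p = cap->value.sequence->data;
+ return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length,
+ (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL);
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK *sk, int nid, int arg)
+{
+ X509_ALGOR *alg;
+ if(!(alg = X509_ALGOR_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ASN1_OBJECT_free(alg->algorithm);
+ alg->algorithm = OBJ_nid2obj (nid);
+ if (arg > 0) {
+ ASN1_INTEGER *nbit;
+ if(!(alg->parameter = ASN1_TYPE_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(nbit = ASN1_INTEGER_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!ASN1_INTEGER_set (nbit, arg)) {
+ PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ alg->parameter->value.integer = nbit;
+ alg->parameter->type = V_ASN1_INTEGER;
+ }
+ sk_push (sk, (char *)alg);
+ return 1;
+}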
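Review bot: `PKCS7_get_smimecap` reads `cap->value.sequence` without looking at `cap->type`, so a signed attribute that carries any other ASN.1 type under the SMIMECapabilities OID is dereferenced as if it were a sequence; the guard should be `if (!cap || cap->type != V_ASN1_SEQUENCE) return NULL;`. The attribute presumably comes from a parsed SignerInfo, which puts this on an untrusted-input path. In `PKCS7_add_attrib_smimecap` the first `i2d_ASN1_SET` result goes to `Malloc` without a `len <= 0` check, and the two error returns that follow leak `pp` (and `seq` on the second). `PKCS7_simple_smimecap` likewise returns 0 without freeing `alg` or `nbit` on its failure paths and ignores the results of `OBJ_nid2obj` and `sk_push`.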
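diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c
new file mode 100644
index 0000000000..734643be28
--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_mime.c
@@ -0,0 +1,673 @@
+/* pk7_mime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include "cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+
+/* MIME and related routines */
+
+/* MIME format structures
+ * Note that all are translated to lower case apart from
+ * parameter values. Quotes are stripped off
+ */
+
+typedef struct {
+char *name; /* Name of line e.g. "content-type" */
+char *value; /* Value of line e.g. "text/plain" */
+STACK /* MIME_PARAM */ *params; /* Zero or more parameters */
+} MIME_HEADER;
+
+typedef struct {
+char *param_name; /* Param name e.g. "micalg" */
+char *param_value; /* Param value e.g. "sha1" */
+} MIME_PARAM;
+
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7);
+static PKCS7 *B64_read_PKCS7(BIO *bio);
+static char * strip_ends(char *name);
+static char * strip_start(char *name);
+static char * strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(char *name, char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
+static STACK *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b);
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, char *bound, int blen);
+static int multi_split(BIO *bio, char *bound, STACK **ret);
+static int iscrlf(char c);
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x) /* x */
+
+
+typedef void (*stkfree)();
+
+/* Base 64 read and write of PKCS#7 structure */
+
+static int B64_write_PKCS7(BIO *bio, PKCS7 *p7)
+{
+ BIO *b64;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_WRITE_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ i2d_PKCS7_bio(bio, p7);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return 1;
+}
+
+static PKCS7 *B64_read_PKCS7(BIO *bio)
+{
+ BIO *b64;
+ PKCS7 *p7;
+ if(!(b64 = BIO_new(BIO_f_base64()))) {
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ bio = BIO_push(b64, bio);
+ if(!(p7 = d2i_PKCS7_bio(bio, NULL)))
+ PKCS7err(PKCS7_F_B64_READ_PKCS7,PKCS7_R_DECODE_ERROR);
+ BIO_flush(bio);
+ bio = BIO_pop(bio);
+ BIO_free(b64);
+ return p7;
+}
+
+/* SMIME sender */
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+ char linebuf[MAX_SMLEN];
+ char bound[33], c;
+ int i;
+ if((flags & PKCS7_DETACHED) && data) {
+ /* We want multipart/signed */
+ /* Generate a random boundary */
+ RAND_pseudo_bytes((unsigned char *)bound, 32);
+ for(i = 0; i < 32; i++) {
+ c = bound[i] & 0xf;
+ if(c < 10) c += '0';
+ else c += 'A' - 10;
+ bound[i] = c;
+ }
+ bound[32] = 0;
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Type: multipart/signed ; ");
+ BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; ");
+ BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound);
+ BIO_printf(bio, "This is an S/MIME signed message\n\n");
+ /* Now write out the first part */
+ BIO_printf(bio, "------%s\r\n", bound);
+ if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n");
+ while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(bio, linebuf, i);
+ BIO_printf(bio, "\n------%s\n", bound);
+
+ /* Headers for signature */
+
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-signature; name=\"smime.p7s\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7s\"\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio,"\n------%s--\n\n", bound);
+ return 1;
+ }
+ /* MIME headers */
+ BIO_printf(bio, "MIME-Version: 1.0\n");
+ BIO_printf(bio, "Content-Disposition: attachment; filename=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Type: application/x-pkcs7-mime; name=\"smime.p7m\"\n");
+ BIO_printf(bio, "Content-Transfer-Encoding: base64\n\n");
+ B64_write_PKCS7(bio, p7);
+ BIO_printf(bio, "\n");
+ return 1;
+}
+
+/* SMIME reader: handle multipart/signed and opaque signing.
+ * in multipart case the content is placed in a memory BIO
+ * pointed to by "bcont". In opaque this is set to NULL
+ */
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+ BIO *p7in;
+ STACK *headers = NULL;
+ STACK *parts = NULL;
+ MIME_HEADER *hdr;
+ MIME_PARAM *prm;
+ PKCS7 *p7;
+ int ret;
+
+ if(bcont) *bcont = NULL;
+
+ if (!(headers = mime_parse_hdr(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_PARSE_ERROR);
+ return NULL;
+ }
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE);
+ return NULL;
+ }
+
+ /* Handle multipart/signed */
+
+ if(!strcmp(hdr->value, "multipart/signed")) {
+ /* Split into two parts */
+ prm = mime_param_find(hdr, "boundary");
+ if(!prm || !prm->param_value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY);
+ return NULL;
+ }
+ ret = multi_split(bio, prm->param_value, &parts);
+ sk_pop_free(headers, mime_hdr_free);
+ if(!ret || (sk_num(parts) != 2) ) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Parse the signature piece */
+ p7in = (BIO *)sk_value(parts, 1);
+
+ if (!(headers = mime_parse_hdr(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ /* Get content type */
+
+ if(!(hdr = mime_hdr_find(headers, "content-type")) ||
+ !hdr->value) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE);
+ return NULL;
+ }
+
+ if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
+ strcmp(hdr->value, "application/pkcs7-signature")) {
+ sk_pop_free(headers, mime_hdr_free);
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ /* Read in PKCS#7 */
+ if(!(p7 = B64_read_PKCS7(p7in))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR);
+ sk_pop_free(parts, (stkfree)BIO_free);
+ return NULL;
+ }
+
+ if(bcont) {
+ *bcont = (BIO *)sk_value(parts, 0);
+ BIO_free(p7in);
+ sk_free(parts);
+ } else sk_pop_free(parts, (stkfree)BIO_free);
+ return p7;
+ }
+
+ /* OK, if not multipart/signed try opaque signature */
+
+ if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
+ strcmp (hdr->value, "application/pkcs7-mime")) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return NULL;
+ }
+
+ sk_pop_free(headers, mime_hdr_free);
+
+ if(!(p7 = B64_read_PKCS7(bio))) {
+ PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR);
+ return NULL;
+ }
+ return p7;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+ char eol;
+ int len;
+ char linebuf[MAX_SMLEN];
+ if(flags & PKCS7_BINARY) {
+ while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+ BIO_write(out, linebuf, len);
+ return 1;
+ }
+ if(flags & PKCS7_TEXT) BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+ while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+ eol = 0;
+ while(iscrlf(linebuf[len - 1])) {
+ len--;
+ eol = 1;
+ }
+ BIO_write(out, linebuf, len);
+ if(eol) BIO_write(out, "\r\n", 2);
+ }
+ return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+ char iobuf[4096];
+ int len;
+ STACK *headers;
+ MIME_HEADER *hdr;
+ if (!(headers = mime_parse_hdr(in))) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR);
+ return 0;
+ }
+ if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ if (strcmp (hdr->value, "text/plain")) {
+ PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE);
+ ERR_add_error_data(2, "type: ", hdr->value);
+ sk_pop_free(headers, mime_hdr_free);
+ return 0;
+ }
+ sk_pop_free(headers, mime_hdr_free);
+ while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+ BIO_write(out, iobuf, len);
+ return 1;
+}
+
+/* Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, char *bound, STACK **ret)
+{
+ char linebuf[MAX_SMLEN];
+ int len, blen;
+ BIO *bpart = NULL;
+ STACK *parts;
+ char state, part, first;
+ blen = strlen(bound);
+ part = 0;
+ state = 0;
+ first = 1;
+ parts = sk_new(NULL);
+ *ret = parts;
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ state = mime_bound_check(linebuf, len, bound, blen);
+ if(state == 1) {
+ first = 1;
+ part++;
+ } else if(state == 2) {
+ sk_push(parts, (char *)bpart);
+ return 1;
+ } else if(part) {
+ if(first) {
+ first = 0;
+ if(bpart) sk_push(parts, (char *)bpart);
+ bpart = BIO_new(BIO_s_mem());
+
+ } else BIO_write(bpart, "\r\n", 2);
+ /* Strip CR+LF from linebuf */
+ while(iscrlf(linebuf[len - 1])) len--;
+ BIO_write(bpart, linebuf, len);
+ }
+ }
+ return 0;
+}
+
+static int iscrlf(char c)
+{
+ if(c == '\r' || c == '\n') return 1;
+ return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID 0
+#define MIME_START 1
+#define MIME_TYPE 2
+#define MIME_NAME 3
+#define MIME_VALUE 4
+#define MIME_QUOTE 5
+#define MIME_COMMENT 6
+
+
+static STACK *mime_parse_hdr(BIO *bio)
+{
+ char *p, *q, c;
+ char *ntmp;
+ char linebuf[MAX_SMLEN];
+ MIME_HEADER *mhdr = NULL;
+ STACK *headers;
+ int len, state, save_state = 0;
+ headers = sk_new(mime_hdr_cmp);
+ while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+ /* If whitespace at line start then continuation line */
+ if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
+ else state = MIME_START;
+ ntmp = NULL;
+ /* Go through all characters */
+ for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
+
+ /* State machine to handle MIME headers
+ * if this looks horrible that's because it *is*
+ */
+
+ switch(state) {
+ case MIME_START:
+ if(c == ':') {
+ state = MIME_TYPE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break;
+
+ case MIME_TYPE:
+ if(c == ';') {
+ mime_debug("Found End Value\n");
+ *p = 0;
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ ntmp = NULL;
+ q = p + 1;
+ state = MIME_NAME;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_COMMENT:
+ if(c == ')') {
+ state = save_state;
+ }
+ break;
+
+ case MIME_NAME:
+ if(c == '=') {
+ state = MIME_VALUE;
+ *p = 0;
+ ntmp = strip_ends(q);
+ q = p + 1;
+ }
+ break ;
+
+ case MIME_VALUE:
+ if(c == ';') {
+ state = MIME_NAME;
+ *p = 0;
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ ntmp = NULL;
+ q = p + 1;
+ } else if (c == '"') {
+ mime_debug("Found Quote\n");
+ state = MIME_QUOTE;
+ } else if(c == '(') {
+ save_state = state;
+ state = MIME_COMMENT;
+ }
+ break;
+
+ case MIME_QUOTE:
+ if(c == '"') {
+ mime_debug("Found Match Quote\n");
+ state = MIME_VALUE;
+ }
+ break;
+ }
+ }
+
+ if(state == MIME_TYPE) {
+ mhdr = mime_hdr_new(ntmp, strip_ends(q));
+ sk_push(headers, (char *)mhdr);
+ } else if(state == MIME_VALUE)
+ mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+ if(p == linebuf) break; /* Blank line means end of headers */
+}
+
+return headers;
+
+}
+
+static char *strip_ends(char *name)
+{
+ return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+ char *p, c;
+ /* Look for first non white space or quote */
+ for(p = name; (c = *p) ;p++) {
+ if(c == '"') {
+ /* Next char is start of string if non null */
+ if(p[1]) return p + 1;
+ /* Else null string */
+ return NULL;
+ }
+ if(!isspace((unsigned char)c)) return p;
+ }
+ return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+ char *p, c;
+ if(!name) return NULL;
+ /* Look for first non white space or quote */
+ for(p = name + strlen(name) - 1; p >= name ;p--) {
+ c = *p;
+ if(c == '"') {
+ if(p - 1 == name) return NULL;
+ *p = 0;
+ return name;
+ }
+ if(isspace((unsigned char)c)) *p = 0;
+ else return name;
+ }
+ return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(char *name, char *value)
+{
+ MIME_HEADER *mhdr;
+ char *tmpname, *tmpval, *p;
+ int c;
+ if(name) {
+ if(!(tmpname = BUF_strdup(name))) return NULL;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ if(!(tmpval = BUF_strdup(value))) return NULL;
+ for(p = tmpval ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpval = NULL;
+ mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER));
+ if(!mhdr) return NULL;
+ mhdr->name = tmpname;
+ mhdr->value = tmpval;
+ if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL;
+ return mhdr;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
+{
+ char *tmpname, *tmpval, *p;
+ int c;
+ MIME_PARAM *mparam;
+ if(name) {
+ tmpname = BUF_strdup(name);
+ if(!tmpname) return 0;
+ for(p = tmpname ; *p; p++) {
+ c = *p;
+ if(isupper(c)) {
+ c = tolower(c);
+ *p = c;
+ }
+ }
+ } else tmpname = NULL;
+ if(value) {
+ tmpval = BUF_strdup(value);
+ if(!tmpval) return 0;
+ } else tmpval = NULL;
+ /* Parameter values are case sensitive so leave as is */
+ mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
+ if(!mparam) return 0;
+ mparam->param_name = tmpname;
+ mparam->param_value = tmpval;
+ sk_push(mhdr->params, (char *)mparam);
+ return 1;
+}
+
+static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b)
+{
+ return(strcmp((*a)->name, (*b)->name));
+}
+
+static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b)
+{
+ return(strcmp((*a)->param_name, (*b)->param_name));
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name)
+{
+ MIME_HEADER htmp;
+ int idx;
+ htmp.name = name;
+ idx = sk_find(hdrs, (char *)&htmp);
+ if(idx < 0) return NULL;
+ return (MIME_HEADER *)sk_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
+{
+ MIME_PARAM param;
+ int idx;
+ param.param_name = name;
+ idx = sk_find(hdr->params, (char *)&param);
+ if(idx < 0) return NULL;
+ return (MIME_PARAM *)sk_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+ if(hdr->name) Free(hdr->name);
+ if(hdr->value) Free(hdr->value);
+ if(hdr->params) sk_pop_free(hdr->params, mime_param_free);
+ Free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+ if(param->param_name) Free(param->param_name);
+ if(param->param_value) Free(param->param_value);
+ Free(param);
+}
+
+/* Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, char *bound, int blen)
+{
+ if(linelen == -1) linelen = strlen(line);
+ if(blen == -1) blen = strlen(bound);
+ /* Quickly eliminate if line length too short */
+ if(blen + 2 > linelen) return 0;
+ /* Check for part boundary */
+ if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+ if(!strncmp(line + blen + 2, "--", 2)) return 2;
+ else return 1;
+ }
+ return 0;
+}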
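Review bot: In `SMIME_read_PKCS7` the signature-type check calls `sk_pop_free(headers, mime_hdr_free)` and then passes `hdr->value` to `ERR_add_error_data`, which reads memory that `mime_hdr_free` has just released; the `sk_pop_free` call should move below `ERR_add_error_data(2, "type: ", hdr->value);`, the order the opaque-signature branch and `SMIME_text` already use. The branch just above it (`PKCS7_R_NO_SIG_CONTENT_TYPE`) returns without freeing `parts`. In `SMIME_crlf_copy` and `multi_split` the loop `while(iscrlf(linebuf[len - 1]))` has no lower bound, so a line consisting only of CR/LF goes on to read `linebuf[-1]`; `while(len > 0 && iscrlf(linebuf[len - 1]))` bounds it. `mime_hdr_cmp` and `mime_param_cmp` call `strcmp` on names that `mime_hdr_new` and `mime_hdr_addparam` store as NULL when `strip_ends` returns NULL, and `mime_parse_hdr` pushes the result of `mime_hdr_new` and later hands it to `mime_hdr_addparam` without a NULL check. All of these sit on the path that parses a received message, so each needs a guard before this code sees untrusted input.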
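--- /dev/null
+++ b/src/lib/libcrypto/pkcs7/pk7_smime.c
@@ -0,0 +1,427 @@
+/* pk7_smime.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+ BIO *data, int flags)
+{
+ PKCS7 *p7;
+ PKCS7_SIGNER_INFO *si;
+ BIO *p7bio;
+ STACK *smcap;
+ int i;
+
+ if(!X509_check_private_key(signcert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return NULL;
+ }
+
+ if(!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_signed);
+
+ PKCS7_content_new(p7, NID_pkcs7_data);
+
+ if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha1()))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+ return NULL;
+ }
+
+ if(!(flags & PKCS7_NOCERTS)) {
+ PKCS7_add_certificate(p7, signcert);
+ if(certs) for(i = 0; i < sk_X509_num(certs); i++)
+ PKCS7_add_certificate(p7, sk_X509_value(certs, i));
+ }
+
+ if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+
+ SMIME_crlf_copy(data, p7bio, flags);
+
+ if(!(flags & PKCS7_NOATTR)) {
+ PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+ V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data));
+ /* Add SMIMECapabilities */
+ if(!(smcap = sk_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+#ifndef NO_DES
+ PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1);
+#endif
+#ifndef NO_RC2
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128);
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64);
+#endif
+#ifndef NO_DES
+ PKCS7_simple_smimecap (smcap, NID_des_cbc, -1);
+#endif
+#ifndef NO_RC2
+ PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40);
+#endif
+ PKCS7_add_attrib_smimecap (si, smcap);
+ sk_pop_free(smcap, X509_ALGOR_free);
+ }
+
+ if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
+
+ if (!PKCS7_dataFinal(p7,p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
+ return NULL;
+ }
+
+ BIO_free_all(p7bio);
+ return p7;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+ BIO *indata, BIO *out, int flags)
+{
+ STACK_OF(X509) *signers;
+ X509 *signer;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ X509_STORE_CTX cert_ctx;
+ char buf[4096];
+ int i, j=0;
+ BIO *p7bio;
+ BIO *tmpout;
+
+ if(!p7) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if(!PKCS7_type_is_signed(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ /* Check for no data and no content: no data to verify signature */
+ if(PKCS7_get_detached(p7) && !indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
+ return 0;
+ }
+
+ /* Check for data and content: two sets of data */
+ if(!PKCS7_get_detached(p7) && indata) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
+ return 0;
+ }
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
+ return 0;
+ }
+
+
+ signers = PKCS7_get0_signers(p7, certs, flags);
+
+ if(!signers) return 0;
+
+ /* Now verify the certificates */
+
+ if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) {
+ signer = sk_X509_value (signers, i);
+ if (!(flags & PKCS7_NOCHAIN)) {
+ X509_STORE_CTX_init(&cert_ctx, store, signer,
+ p7->d.sign->cert);
+ X509_STORE_CTX_set_purpose(&cert_ctx,
+ X509_PURPOSE_SMIME_SIGN);
+ } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL);
+ i = X509_verify_cert(&cert_ctx);
+ if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
+ X509_STORE_CTX_cleanup(&cert_ctx);
+ if (i <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+ ERR_add_error_data(2, "Verify error:",
+ X509_verify_cert_error_string(j));
+ sk_X509_free(signers);
+ return 0;
+ }
+ /* Check for revocation status here */
+ }
+
+ p7bio=PKCS7_dataInit(p7,indata);
+
+ if(flags & PKCS7_TEXT) {
+ if(!(tmpout = BIO_new(BIO_s_mem()))) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+ } else tmpout = out;
+
+ /* We now have to 'read' from p7bio to calculate digests etc. */
+ for (;;)
+ {
+ i=BIO_read(p7bio,buf,sizeof(buf));
+ if (i <= 0) break;
+ if (tmpout) BIO_write(tmpout, buf, i);
+ }
+
+ if(flags & PKCS7_TEXT) {
+ if(!SMIME_text(tmpout, out)) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
+ BIO_free(tmpout);
+ goto err;
+ }
+ BIO_free(tmpout);
+ }
+
+ /* Now Verify All Signatures */
+ if (!(flags & PKCS7_NOSIGS))
+ for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+ {
+ si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
+ signer = sk_X509_value (signers, i);
+ j=PKCS7_signatureVerify(p7bio,p7,si, signer);
+ if (j <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
+ goto err;
+ }
+ }
+
+ sk_X509_free(signers);
+ if(indata) BIO_pop(p7bio);
+ BIO_free_all(p7bio);
+
+ return 1;
+
+ err:
+
+ sk_X509_free(signers);
+ BIO_free(p7bio);
+
+ return 0;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
+{
+ STACK_OF(X509) *signers;
+ STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+ PKCS7_SIGNER_INFO *si;
+ PKCS7_ISSUER_AND_SERIAL *ias;
+ X509 *signer;
+ int i;
+
+ if(!p7) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
+ return NULL;
+ }
+
+ if(!PKCS7_type_is_signed(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
+ return NULL;
+ }
+ if(!(signers = sk_X509_new(NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ /* Collect all the signers together */
+
+ sinfos = PKCS7_get_signer_info(p7);
+
+ if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
+ return 0;
+ }
+
+ for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
+ {
+ si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+ ias = si->issuer_and_serial;
+ signer = NULL;
+ /* If any certificates passed they take priority */
+ if (certs) signer = X509_find_by_issuer_and_serial (certs,
+ ias->issuer, ias->serial);
+ if (!signer && !(flags & PKCS7_NOINTERN)
+ && p7->d.sign->cert) signer =
+ X509_find_by_issuer_and_serial (p7->d.sign->cert,
+ ias->issuer, ias->serial);
+ if (!signer) {
+ PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+ sk_X509_free(signers);
+ return 0;
+ }
+
+ sk_X509_push(signers, signer);
+ }
+ return signers;
+}
+
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher,
+ int flags)
+{
+ PKCS7 *p7;
+ BIO *p7bio = NULL;
+ int i;
+ X509 *x509;
+ if(!(p7 = PKCS7_new())) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ PKCS7_set_type(p7, NID_pkcs7_enveloped);
+ if(!PKCS7_set_cipher(p7, cipher)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
+ goto err;
+ }
+
+ for(i = 0; i < sk_X509_num(certs); i++) {
+ x509 = sk_X509_value(certs, i);
+ if(!PKCS7_add_recipient(p7, x509)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
+ PKCS7_R_ERROR_ADDING_RECIPIENT);
+ goto err;
+ }
+ }
+
+ if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ SMIME_crlf_copy(in, p7bio, flags);
+
+ BIO_flush(p7bio);
+
+ if (!PKCS7_dataFinal(p7,p7bio)) {
+ PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
+ goto err;
+ }
+ BIO_free_all(p7bio);
+
+ return p7;
+
+ err:
+
+ BIO_free(p7bio);
+ PKCS7_free(p7);
+ return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+ BIO *tmpmem;
+ int ret, i;
+ char buf[4096];
+
+ if(!p7) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
+ return 0;
+ }
+
+ if(!PKCS7_type_is_enveloped(p7)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
+ return 0;
+ }
+
+ if(!X509_check_private_key(cert, pkey)) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+ PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+ return 0;
+ }
+
+ if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+ return 0;
+ }
+
+ if (flags & PKCS7_TEXT) {
+ BIO *tmpbuf, *bread;
+ /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+ if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ if(!(bread = BIO_push(tmpbuf, tmpmem))) {
+ PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ ret = SMIME_text(bread, data);
+ BIO_free_all(bread);
+ return ret;
+ } else {
+ for(;;) {
+ i = BIO_read(tmpmem, buf, sizeof(buf));
+ if(i <= 0) break;
+ BIO_write(data, buf, i);
+ }
+ BIO_free_all(tmpmem);
+ return 1;
+ }
+}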
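Review bot: In PKCS7_verify the certificate loop reuses its index `i` for the result of `X509_verify_cert()` (`i = X509_verify_cert(&cert_ctx);`), so after a successful check the index holds the return value (assuming the usual success value of 1) when `i++` runs. With two signers the loop then exits after the first and the second signer's certificate is never chain-verified; with more than two it can keep revisiting the same index instead of terminating. Use a separate counter: declare `int i, j=0, k;`, iterate with `for (k = 0; k < sk_X509_num(signers); k++)` and fetch `signer = sk_X509_value (signers, k);`. The `/* Check for revocation status here */` placeholder should also say explicitly that no CRL check is performed, since a caller may otherwise read a return of 1 as covering revocation.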